import pathlib
import sys
# Make the sibling ``sec_sysmon`` package importable when the notebook kernel
# starts in this notebook's directory. The path is relative, so it only resolves
# against the kernel's current working directory; index 1 keeps whatever is at
# sys.path[0] (normally the notebook's own directory) ahead of it.
sys.path.insert(1, '../')
from sec_sysmon.xml_reader import XMLReader
import plotly.graph_objects as go
import plotly.offline as pyo
from sec_sysmon.rule_classifier import Analyzer
# Render plotly figures inline in the notebook instead of writing HTML files.
pyo.init_notebook_mode()
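# read training data
# Training corpus: one directory per person under ../Logs/Train, each holding the
# exported Windows Security and Sysmon event logs. Every person is parsed into an
# XMLReader and paired with the person number, which is the class label the
# Analyzer works with (the printed output below keys everything by "1".."6").
TRAIN_DIR = pathlib.Path('../Logs/Train')  # relative to the kernel's working directory
PERSON_IDS = range(1, 7)                    # Person_1 .. Person_6
# NOTE(review): these logs were exported from monitored end-user hosts, so their
# XML is attacker-influenced input. Confirm that XMLReader parses with external
# entities / DTD expansion disabled (defusedxml or an equivalent hardened parser);
# that cannot be verified from this notebook.
input_data = [
    (
        i,
        XMLReader(
            str(TRAIN_DIR / f'Person_{i}' / 'Security.xml'),
            str(TRAIN_DIR / f'Person_{i}' / 'Sysmon.xml'),
        ),
    )
    for i in PERSON_IDS
]
analyzer = Analyzer(input_data)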
import json
# Occurrence rate per attribute: for every attribute the Analyzer tracks, print
# the per-person fraction of events that carry it and draw one bar per person.
# A rate of 1.0 for every person (system.EventID, system.Keywords, label, ...)
# means the attribute is present on every event and carries no signal on its own.
for attr, per_person in analyzer.occurence.items():
    labels = list(per_person)
    rates = [per_person[lbl] for lbl in labels]
    print(f"# {attr}")
    print(json.dumps(per_person, indent=4))
    trace = go.Bar(
        name='occurence',
        x=[f'Person{lbl}' for lbl in labels],
        y=rates,
        # Two decimals on the bar label; the full value is in the printed JSON.
        text=[round(r, 2) for r in rates],
        textposition='auto',
    )
    fig = go.Figure(data=[trace])
    fig.update_layout(xaxis_type='category', title_text=attr, barmode='group')
    fig.show()
# system.EventID
{
"1": 1.0,
"2": 1.0,
"3": 1.0,
"4": 1.0,
"5": 1.0,
"6": 1.0
}
# event_data.ObjectType
{
"1": 0.0020242914979757085,
"2": 0,
"3": 0.902600082542303,
"4": 0,
"5": 0.004036908881199538,
"6": 0.001392757660167131
}
# event_data.TargetProcessId
{
"1": 0,
"2": 0.007936507936507936,
"3": 0,
"4": 0.049079754601226995,
"5": 0,
"6": 0
}
# event_data.Image
{
"1": 0.8360323886639676,
"2": 0.8869047619047619,
"3": 0.07985967808501858,
"4": 0.4279141104294479,
"5": 0.5893886966551326,
"6": 0.9345403899721448
}
# event_data.TargetUserName
{
"1": 0.0931174089068826,
"2": 0.041666666666666664,
"3": 0.01011143210895584,
"4": 0.05674846625766871,
"5": 0.1707035755478662,
"6": 0.01532033426183844
}
# event_data.TargetImage
{
"1": 0,
"2": 0.007936507936507936,
"3": 0,
"4": 0.049079754601226995,
"5": 0,
"6": 0
}
# event_data.NewThreadId
{
"1": 0,
"2": 0.007936507936507936,
"3": 0,
"4": 0.049079754601226995,
"5": 0,
"6": 0
}
# event_data.Hash
{
"1": 0,
"2": 0,
"3": 0.0012381345439537762,
"4": 0,
"5": 0.006920415224913495,
"6": 0
}
# event_data.ParentImage
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.ProviderName
{
"1": 0,
"2": 0,
"3": 0,
"4": 0.003067484662576687,
"5": 0.002306805074971165,
"6": 0
}
# event_data.IntegrityLevel
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# system.Security.UserID
{
"1": 0.8360323886639676,
"2": 0.8948412698412699,
"3": 0.07985967808501858,
"4": 0.47699386503067487,
"5": 0.5893886966551326,
"6": 0.9345403899721448
}
# event_data.QueryStatus
{
"1": 0.24898785425101214,
"2": 0.27380952380952384,
"3": 0.02042921997523731,
"4": 0.21932515337423314,
"5": 0.052479815455594,
"6": 0.6337047353760445
}
# event_data.AlgorithmName
{
"1": 0,
"2": 0,
"3": 0,
"4": 0.003067484662576687,
"5": 0.002306805074971165,
"6": 0
}
# event_data.KeyType
{
"1": 0,
"2": 0,
"3": 0,
"4": 0.003067484662576687,
"5": 0.002306805074971165,
"6": 0
}
# event_data.Hashes
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.ImpersonationLevel
{
"1": 0.05668016194331984,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04141104294478527,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# event_data.QueryResults
{
"1": 0.19838056680161945,
"2": 0.25,
"3": 0.0175402393726785,
"4": 0.20552147239263804,
"5": 0.040945790080738176,
"6": 0.6030640668523677
}
# event_data.DestinationHostname
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.06170703575547866,
"6": 0
}
# event_data.SubjectUserSid
{
"1": 0.15991902834008098,
"2": 0.10515873015873016,
"3": 0.9201403219149814,
"4": 0.13803680981595093,
"5": 0.41061130334486734,
"6": 0.06545961002785515
}
# event_data.Initiated
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.DestinationIsIpv6
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.StartFunction
{
"1": 0,
"2": 0.0,
"3": 0,
"4": 0.0,
"5": 0,
"6": 0
}
# event_data.LogonType
{
"1": 0.06275303643724696,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04447852760736196,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.Operation
{
"1": 0,
"2": 0,
"3": 0,
"4": 0.003067484662576687,
"5": 0.002306805074971165,
"6": 0
}
# event_data.SubjectLogonId
{
"1": 0.15991902834008098,
"2": 0.10515873015873016,
"3": 0.9201403219149814,
"4": 0.13803680981595093,
"5": 0.41061130334486734,
"6": 0.06545961002785515
}
# event_data.ReadOperation
{
"1": 0.012145748987854251,
"2": 0.031746031746031744,
"3": 0.0012381345439537762,
"4": 0.03987730061349693,
"5": 0.2104959630911188,
"6": 0.03203342618384401
}
# event_data.OriginalFileName
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# system.Correlation.ActivityID
{
"1": 0.15587044534412955,
"2": 0.10515873015873016,
"3": 0.0175402393726785,
"4": 0.13803680981595093,
"5": 0.40657439446366783,
"6": 0.06267409470752089
}
# event_data.WorkstationName
{
"1": 0.058704453441295545,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04141104294478527,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.SourceIp
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.TargetLogonId
{
"1": 0.06072874493927125,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04447852760736196,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# system.Keywords
{
"1": 1.0,
"2": 1.0,
"3": 1.0,
"4": 1.0,
"5": 1.0,
"6": 1.0
}
# event_data.LogonProcessName
{
"1": 0.058704453441295545,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04141104294478527,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.ObjectName
{
"1": 0.0020242914979757085,
"2": 0,
"3": 0.902600082542303,
"4": 0,
"5": 0.004036908881199538,
"6": 0.001392757660167131
}
# event_data.ReturnCode
{
"1": 0.012145748987854251,
"2": 0.031746031746031744,
"3": 0.0012381345439537762,
"4": 0.04294478527607362,
"5": 0.21280276816608998,
"6": 0.03203342618384401
}
# event_data.TargetSid
{
"1": 0.018218623481781375,
"2": 0.007936507936507936,
"3": 0.0035080478745356997,
"4": 0.009202453987730062,
"5": 0.016147635524798153,
"6": 0
}
# event_data.IpPort
{
"1": 0.06072874493927125,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04294478527607362,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.LmPackageName
{
"1": 0.058704453441295545,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04141104294478527,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.Workstation
{
"1": 0.010121457489878543,
"2": 0,
"3": 0.0002063557573256294,
"4": 0.0015337423312883436,
"5": 0.12975778546712802,
"6": 0
}
# event_data.TerminalSessionId
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.SourceProcessId
{
"1": 0,
"2": 0.007936507936507936,
"3": 0,
"4": 0.049079754601226995,
"5": 0,
"6": 0
}
# event_data.CreationUtcTime
{
"1": 0.20445344129554655,
"2": 0.2123015873015873,
"3": 0.03714403631861329,
"4": 0.032208588957055216,
"5": 0.24106113033448673,
"6": 0.19637883008356546
}
# event_data.StartAddress
{
"1": 0,
"2": 0.007936507936507936,
"3": 0,
"4": 0.049079754601226995,
"5": 0,
"6": 0
}
# event_data.CurrentDirectory
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.RuleName
{
"1": 0.27125506072874495,
"2": 0.2003968253968254,
"3": 0.038175815105241435,
"4": 0.05828220858895705,
"5": 0.3788927335640138,
"6": 0.18523676880222842
}
# event_data.User
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.1707035755478662,
"6": 0.0947075208913649
}
# event_data.KeyName
{
"1": 0,
"2": 0,
"3": 0,
"4": 0.003067484662576687,
"5": 0.002306805074971165,
"6": 0
}
# event_data.ParentCommandLine
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.ElevatedToken
{
"1": 0.05668016194331984,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04141104294478527,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# event_data.SourceProcessGuid
{
"1": 0,
"2": 0.007936507936507936,
"3": 0,
"4": 0.049079754601226995,
"5": 0,
"6": 0
}
# event_data.ParentProcessGuid
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.EventType
{
"1": 0.15789473684210525,
"2": 0.013888888888888888,
"3": 0.007222451506397029,
"4": 0.0598159509202454,
"5": 0.11591695501730104,
"6": 0.006963788300835654
}
# event_data.param1
{
"1": 0,
"2": 0,
"3": 0,
"4": 0.38190184049079756,
"5": 0,
"6": 0
}
# event_data.TargetProcessGuid
{
"1": 0,
"2": 0.007936507936507936,
"3": 0,
"4": 0.049079754601226995,
"5": 0,
"6": 0
}
# event_data.AuthenticationPackageName
{
"1": 0.058704453441295545,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04141104294478527,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.KeyLength
{
"1": 0.058704453441295545,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04141104294478527,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.TargetName
{
"1": 0.012145748987854251,
"2": 0.031746031746031744,
"3": 0.0012381345439537762,
"4": 0.03987730061349693,
"5": 0.2104959630911188,
"6": 0.03203342618384401
}
# system.Version
{
"1": 1.0,
"2": 1.0,
"3": 1.0,
"4": 1.0,
"5": 1.0,
"6": 1.0
}
# event_data.LogonId
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.IpAddress
{
"1": 0.06072874493927125,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04294478527607362,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.FileVersion
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.Company
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014032191498142799,
"4": 0.09049079754601227,
"5": 0.08823529411764706,
"6": 0.08913649025069638
}
# event_data.TargetOutboundUserName
{
"1": 0.05668016194331984,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04141104294478527,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# event_data.TargetFilename
{
"1": 0.20445344129554655,
"2": 0.2123015873015873,
"3": 0.03714403631861329,
"4": 0.032208588957055216,
"5": 0.24106113033448673,
"6": 0.19637883008356546
}
# event_data.ObjectServer
{
"1": 0.0020242914979757085,
"2": 0,
"3": 0.902600082542303,
"4": 0,
"5": 0.004036908881199538,
"6": 0.001392757660167131
}
# event_data.UtcTime
{
"1": 0.8360323886639676,
"2": 0.8948412698412699,
"3": 0.07985967808501858,
"4": 0.47699386503067487,
"5": 0.5893886966551326,
"6": 0.9345403899721448
}
# event_data.Protocol
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.TargetOutboundDomainName
{
"1": 0.05668016194331984,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04141104294478527,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# event_data.SubjectDomainName
{
"1": 0.15991902834008098,
"2": 0.10515873015873016,
"3": 0.9201403219149814,
"4": 0.13803680981595093,
"5": 0.41061130334486734,
"6": 0.06545961002785515
}
# event_data.ProcessName
{
"1": 0.06477732793522267,
"2": 0.03373015873015873,
"3": 0.9089971110193974,
"4": 0.04294478527607362,
"5": 0.02883506343713956,
"6": 0.018105849582172703
}
# system.Task
{
"1": 1.0,
"2": 1.0,
"3": 1.0,
"4": 1.0,
"5": 1.0,
"6": 1.0
}
# event_data.ClientCreationTime
{
"1": 0,
"2": 0,
"3": 0,
"4": 0.0015337423312883436,
"5": 0.0011534025374855825,
"6": 0
}
# label
{
"1": 1.0,
"2": 1.0,
"3": 1.0,
"4": 1.0,
"5": 1.0,
"6": 1.0
}
# event_data.HandleId
{
"1": 0.0020242914979757085,
"2": 0,
"3": 0.902600082542303,
"4": 0,
"5": 0.004036908881199538,
"6": 0.001392757660167131
}
# event_data.NewSd
{
"1": 0.0020242914979757085,
"2": 0,
"3": 0.902600082542303,
"4": 0,
"5": 0.004036908881199538,
"6": 0.001392757660167131
}
# event_data.CommandLine
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.CountOfCredentialsReturned
{
"1": 0.012145748987854251,
"2": 0.031746031746031744,
"3": 0.0012381345439537762,
"4": 0.03987730061349693,
"5": 0.2104959630911188,
"6": 0.03203342618384401
}
# event_data.VirtualAccount
{
"1": 0.05668016194331984,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04141104294478527,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# event_data.RestrictedAdminMode
{
"1": 0.05668016194331984,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04141104294478527,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# event_data.Product
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.SourcePort
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.DestinationPort
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.TargetLinkedLogonId
{
"1": 0.05668016194331984,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04141104294478527,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# event_data.TransmittedServices
{
"1": 0.058704453441295545,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04141104294478527,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
# event_data.SubjectUserName
{
"1": 0.15991902834008098,
"2": 0.10515873015873016,
"3": 0.9201403219149814,
"4": 0.13803680981595093,
"5": 0.41061130334486734,
"6": 0.06545961002785515
}
# event_data.Details
{
"1": 0.1396761133603239,
"2": 0.013888888888888888,
"3": 0.006603384234420141,
"4": 0.0598159509202454,
"5": 0.11418685121107267,
"6": 0.006963788300835654
}
# event_data.TargetDomainName
{
"1": 0.0931174089068826,
"2": 0.041666666666666664,
"3": 0.01011143210895584,
"4": 0.05674846625766871,
"5": 0.1707035755478662,
"6": 0.01532033426183844
}
# event_data.DestinationIp
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.SourcePortName
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.0,
"6": 0
}
# event_data.Type
{
"1": 0.012145748987854251,
"2": 0.031746031746031744,
"3": 0.0012381345439537762,
"4": 0.03987730061349693,
"5": 0.2104959630911188,
"6": 0.03203342618384401
}
# event_data.SourceImage
{
"1": 0,
"2": 0.007936507936507936,
"3": 0,
"4": 0.049079754601226995,
"5": 0,
"6": 0
}
# event_data.CallerProcessName
{
"1": 0.018218623481781375,
"2": 0.007936507936507936,
"3": 0.0035080478745356997,
"4": 0.009202453987730062,
"5": 0.016147635524798153,
"6": 0
}
# event_data.ParentProcessId
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.TargetObject
{
"1": 0.15789473684210525,
"2": 0.013888888888888888,
"3": 0.007222451506397029,
"4": 0.0598159509202454,
"5": 0.11591695501730104,
"6": 0.006963788300835654
}
# event_data.KeyFilePath
{
"1": 0,
"2": 0,
"3": 0,
"4": 0.0015337423312883436,
"5": 0.0011534025374855825,
"6": 0
}
# event_data.SourceHostname
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.StartModule
{
"1": 0,
"2": 0.0,
"3": 0,
"4": 0.0,
"5": 0,
"6": 0
}
# event_data.DestinationPortName
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.021337946943483274,
"6": 0
}
# event_data.SourceIsIpv6
{
"1": 0,
"2": 0,
"3": 0,
"4": 0,
"5": 0.08246828143021914,
"6": 0
}
# event_data.Description
{
"1": 0.22469635627530365,
"2": 0.3492063492063492,
"3": 0.014857614527445316,
"4": 0.10276073619631902,
"5": 0.08823529411764706,
"6": 0.0947075208913649
}
# event_data.PrivilegeList
{
"1": 0.05465587044534413,
"2": 0.031746031746031744,
"3": 0.006190672719768881,
"4": 0.04141104294478527,
"5": 0.02306805074971165,
"6": 0.01532033426183844
}
# event_data.QueryName
{
"1": 0.24898785425101214,
"2": 0.27380952380952384,
"3": 0.02042921997523731,
"4": 0.21932515337423314,
"5": 0.052479815455594,
"6": 0.6337047353760445
}
# event_data.LogonGuid
{
"1": 0.2834008097165992,
"2": 0.38095238095238093,
"3": 0.021048287247214196,
"4": 0.14570552147239263,
"5": 0.11130334486735871,
"6": 0.11002785515320335
}
# event_data.TargetUserSid
{
"1": 0.06275303643724696,
"2": 0.03373015873015873,
"3": 0.0063970284770945105,
"4": 0.04447852760736196,
"5": 0.024798154555940023,
"6": 0.01532033426183844
}
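# Value distribution per attribute: for each attribute with at most 15 distinct
# values, print the per-person share of every value and draw a grouped bar chart
# (one bar group per value, one bar per person). Attributes with more distinct
# values (hashes, GUIDs, full paths, ...) are skipped entirely, since a chart with
# hundreds of categories is unreadable.
#
# NOTE(review): the printed dicts expose hostnames, local account names, full
# executable paths and file hashes of the source machines (see the output of
# this cell). Clear outputs before committing or sharing the notebook.
for attr in analyzer.statistics:
    bars = []
    # value_dict[attr] is assumed to hold the distinct values seen for attr; it
    # is a project attribute whose definition is not visible here.
    if len(analyzer.value_dict[attr]) > 15:
        continue
    print(f"\n# {attr}")
    for label, dist in analyzer.statistics[attr].items():
        print(f" - Person{label}:")
        print(f"\t{dist}")
        # The None key is the share of events lacking the attribute (in the
        # printed output it is the complement of the attribute's occurrence
        # rate). It would dominate every chart, so only real values are plotted;
        # the printed dict above still shows it. Identity comparison is the
        # correct test for None, not ``!=``.
        present = [(value, share) for value, share in dist.items() if value is not None]
        x = [value for value, _ in present]
        y = [share for _, share in present]
        bars.append(go.Bar(name=f'Person{label}', x=x, y=y))
    fig = go.Figure(data=bars)
    fig.update_layout(xaxis_type='category', title_text=attr, barmode='group')
    fig.show()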
# event_data.ElevatedToken
- Person1:
{None: 0.9433198380566802, '%%1842': 0.05465587044534413, '%%1843': 0.0020242914979757085}
- Person2:
{None: 0.9682539682539683, '%%1842': 0.031746031746031744, '%%1843': 0.0}
- Person3:
{None: 0.9938093272802311, '%%1842': 0.006190672719768881, '%%1843': 0.0}
- Person4:
{None: 0.9585889570552147, '%%1842': 0.03987730061349693, '%%1843': 0.0015337423312883436}
- Person5:
{None: 0.9769319492502884, '%%1842': 0.02306805074971165, '%%1843': 0.0}
- Person6:
{None: 0.9846796657381616, '%%1842': 0.01532033426183844, '%%1843': 0.0}
# event_data.DestinationPortName
- Person1:
{None: 0, 'https': 0}
- Person2:
{None: 0, 'https': 0}
- Person3:
{None: 0, 'https': 0}
- Person4:
{None: 0, 'https': 0}
- Person5:
{None: 0.9786620530565168, 'https': 0.021337946943483274}
- Person6:
{None: 0, 'https': 0}
# event_data.DestinationIsIpv6
- Person1:
{None: 0, 'false': 0, 'true': 0}
- Person2:
{None: 0, 'false': 0, 'true': 0}
- Person3:
{None: 0, 'false': 0, 'true': 0}
- Person4:
{None: 0, 'false': 0, 'true': 0}
- Person5:
{None: 0.9175317185697809, 'false': 0.021337946943483274, 'true': 0.06113033448673587}
- Person6:
{None: 0, 'false': 0, 'true': 0}
# event_data.CallerProcessName
- Person1:
{'C:\\Program Files\\LibreOffice\\program\\soffice.bin': 0.0020242914979757085, 'C:\\Program Files (x86)\\Dev-Cpp\\devcpp.exe': 0.0, 'C:\\Windows\\System32\\VSSVC.exe': 0.0, 'C:\\Windows\\explorer.exe': 0.0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0020242914979757085, None: 0.9817813765182186, 'C:\\Windows\\System32\\svchost.exe': 0.0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0.012145748987854251, 'C:\\Windows\\System32\\LogonUI.exe': 0.0020242914979757085}
- Person2:
{'C:\\Program Files\\LibreOffice\\program\\soffice.bin': 0.0, 'C:\\Program Files (x86)\\Dev-Cpp\\devcpp.exe': 0.003968253968253968, 'C:\\Windows\\System32\\VSSVC.exe': 0.0, 'C:\\Windows\\explorer.exe': 0.0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.003968253968253968, None: 0.9920634920634921, 'C:\\Windows\\System32\\svchost.exe': 0.0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0.0, 'C:\\Windows\\System32\\LogonUI.exe': 0.0}
- Person3:
{'C:\\Program Files\\LibreOffice\\program\\soffice.bin': 0.0, 'C:\\Program Files (x86)\\Dev-Cpp\\devcpp.exe': 0.0, 'C:\\Windows\\System32\\VSSVC.exe': 0.0016508460586050352, 'C:\\Windows\\explorer.exe': 0.0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0002063557573256294, None: 0.9964919521254643, 'C:\\Windows\\System32\\svchost.exe': 0.0004127115146512588, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0.0012381345439537762, 'C:\\Windows\\System32\\LogonUI.exe': 0.0}
- Person4:
{'C:\\Program Files\\LibreOffice\\program\\soffice.bin': 0.0, 'C:\\Program Files (x86)\\Dev-Cpp\\devcpp.exe': 0.0, 'C:\\Windows\\System32\\VSSVC.exe': 0.0, 'C:\\Windows\\explorer.exe': 0.0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0, None: 0.99079754601227, 'C:\\Windows\\System32\\svchost.exe': 0.0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0.009202453987730062, 'C:\\Windows\\System32\\LogonUI.exe': 0.0}
- Person5:
{'C:\\Program Files\\LibreOffice\\program\\soffice.bin': 0.0, 'C:\\Program Files (x86)\\Dev-Cpp\\devcpp.exe': 0.0, 'C:\\Windows\\System32\\VSSVC.exe': 0.00922722029988466, 'C:\\Windows\\explorer.exe': 0.0005767012687427913, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0028835063437139563, None: 0.9838523644752019, 'C:\\Windows\\System32\\svchost.exe': 0.0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0.0034602076124567475, 'C:\\Windows\\System32\\LogonUI.exe': 0.0}
- Person6:
{'C:\\Program Files\\LibreOffice\\program\\soffice.bin': 0, 'C:\\Program Files (x86)\\Dev-Cpp\\devcpp.exe': 0, 'C:\\Windows\\System32\\VSSVC.exe': 0, 'C:\\Windows\\explorer.exe': 0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0, None: 0, 'C:\\Windows\\System32\\svchost.exe': 0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0, 'C:\\Windows\\System32\\LogonUI.exe': 0}
# event_data.Hash
- Person1:
{'MD5=6915F430B0C93840A1B3212B8F82F99A,SHA256=0AFB8A266A27B6A9B863D78A2B8087FA2D1CE5AB5B412B645B8377ABF2DD3E68,IMPHASH=00000000000000000000000000000000': 0, 'MD5=D2E7685A60E27FA8408AC96336CA77A0,SHA256=E3E800946E4B1EE146F942CDFDA27B8C94B9DBABBDFD76B4515FB6BF00B9A888,IMPHASH=00000000000000000000000000000000': 0, 'MD5=56F6DC8E5B4D9F36F3F5732A5992E6A6,SHA256=8858955289BD86743B356DF90A8D45E608000973E66BE17CFBE9B70ADBD77209,IMPHASH=20DD26497880C05CAED9305B3C8B9109': 0, 'MD5=EFED1CD90742F6FCDDB8942DD21AC2AC,SHA256=F7D10A8020011B4D10C93F15B2526C63F9B4E4F793EB731CAB4B380D8AE6A313,IMPHASH=00000000000000000000000000000000': 0, 'MD5=BA446AFE6CE2341D9DDE43BD50DA7167,SHA256=E51CAD403CAFA19AE3D19B0B8B5F6AE61F7231047D8041CFF4CFED2F57D4100F,IMPHASH=00000000000000000000000000000000': 0, 'MD5=C978088F04B0D519F04D76E76FB42CD4,SHA256=C4CFC46F50D9A051EEC3375C14E61CFE8B1A0290CAF16DC161B64828BC34CA2A,IMPHASH=00000000000000000000000000000000': 0, 'MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913,IMPHASH=00000000000000000000000000000000': 0, 'MD5=592ED72E3636996BE037E7A26B595895,SHA256=583E892750B46FA7AA6E62FC8A324E4F34D9A7263B9D90CC0229DEEDC900B382,IMPHASH=00000000000000000000000000000000': 0, None: 0, 'MD5=5E732B01D021FEA585F0874407E6BE6C,SHA256=BCBBEAB9FDD35F9079A5E26A1E7156838364538B563A9B5DC1459F467D938CE2,IMPHASH=00000000000000000000000000000000': 0, 'MD5=452373E2C467C14220EFEB10F40C231F,SHA256=E5EA9F5646FE3CFF2621B61A55A98EA5B3E9CA7DD7CC14C13535E55C88686872,IMPHASH=D7E2FD259780271687FFCA462B9E69B7': 0}
- Person2:
{'MD5=6915F430B0C93840A1B3212B8F82F99A,SHA256=0AFB8A266A27B6A9B863D78A2B8087FA2D1CE5AB5B412B645B8377ABF2DD3E68,IMPHASH=00000000000000000000000000000000': 0, 'MD5=D2E7685A60E27FA8408AC96336CA77A0,SHA256=E3E800946E4B1EE146F942CDFDA27B8C94B9DBABBDFD76B4515FB6BF00B9A888,IMPHASH=00000000000000000000000000000000': 0, 'MD5=56F6DC8E5B4D9F36F3F5732A5992E6A6,SHA256=8858955289BD86743B356DF90A8D45E608000973E66BE17CFBE9B70ADBD77209,IMPHASH=20DD26497880C05CAED9305B3C8B9109': 0, 'MD5=EFED1CD90742F6FCDDB8942DD21AC2AC,SHA256=F7D10A8020011B4D10C93F15B2526C63F9B4E4F793EB731CAB4B380D8AE6A313,IMPHASH=00000000000000000000000000000000': 0, 'MD5=BA446AFE6CE2341D9DDE43BD50DA7167,SHA256=E51CAD403CAFA19AE3D19B0B8B5F6AE61F7231047D8041CFF4CFED2F57D4100F,IMPHASH=00000000000000000000000000000000': 0, 'MD5=C978088F04B0D519F04D76E76FB42CD4,SHA256=C4CFC46F50D9A051EEC3375C14E61CFE8B1A0290CAF16DC161B64828BC34CA2A,IMPHASH=00000000000000000000000000000000': 0, 'MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913,IMPHASH=00000000000000000000000000000000': 0, 'MD5=592ED72E3636996BE037E7A26B595895,SHA256=583E892750B46FA7AA6E62FC8A324E4F34D9A7263B9D90CC0229DEEDC900B382,IMPHASH=00000000000000000000000000000000': 0, None: 0, 'MD5=5E732B01D021FEA585F0874407E6BE6C,SHA256=BCBBEAB9FDD35F9079A5E26A1E7156838364538B563A9B5DC1459F467D938CE2,IMPHASH=00000000000000000000000000000000': 0, 'MD5=452373E2C467C14220EFEB10F40C231F,SHA256=E5EA9F5646FE3CFF2621B61A55A98EA5B3E9CA7DD7CC14C13535E55C88686872,IMPHASH=D7E2FD259780271687FFCA462B9E69B7': 0}
- Person3:
{'MD5=6915F430B0C93840A1B3212B8F82F99A,SHA256=0AFB8A266A27B6A9B863D78A2B8087FA2D1CE5AB5B412B645B8377ABF2DD3E68,IMPHASH=00000000000000000000000000000000': 0.0, 'MD5=D2E7685A60E27FA8408AC96336CA77A0,SHA256=E3E800946E4B1EE146F942CDFDA27B8C94B9DBABBDFD76B4515FB6BF00B9A888,IMPHASH=00000000000000000000000000000000': 0.0, 'MD5=56F6DC8E5B4D9F36F3F5732A5992E6A6,SHA256=8858955289BD86743B356DF90A8D45E608000973E66BE17CFBE9B70ADBD77209,IMPHASH=20DD26497880C05CAED9305B3C8B9109': 0.0, 'MD5=EFED1CD90742F6FCDDB8942DD21AC2AC,SHA256=F7D10A8020011B4D10C93F15B2526C63F9B4E4F793EB731CAB4B380D8AE6A313,IMPHASH=00000000000000000000000000000000': 0.0, 'MD5=BA446AFE6CE2341D9DDE43BD50DA7167,SHA256=E51CAD403CAFA19AE3D19B0B8B5F6AE61F7231047D8041CFF4CFED2F57D4100F,IMPHASH=00000000000000000000000000000000': 0.0002063557573256294, 'MD5=C978088F04B0D519F04D76E76FB42CD4,SHA256=C4CFC46F50D9A051EEC3375C14E61CFE8B1A0290CAF16DC161B64828BC34CA2A,IMPHASH=00000000000000000000000000000000': 0.0002063557573256294, 'MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913,IMPHASH=00000000000000000000000000000000': 0.0002063557573256294, 'MD5=592ED72E3636996BE037E7A26B595895,SHA256=583E892750B46FA7AA6E62FC8A324E4F34D9A7263B9D90CC0229DEEDC900B382,IMPHASH=00000000000000000000000000000000': 0.0006190672719768881, None: 0.9987618654560462, 'MD5=5E732B01D021FEA585F0874407E6BE6C,SHA256=BCBBEAB9FDD35F9079A5E26A1E7156838364538B563A9B5DC1459F467D938CE2,IMPHASH=00000000000000000000000000000000': 0.0, 'MD5=452373E2C467C14220EFEB10F40C231F,SHA256=E5EA9F5646FE3CFF2621B61A55A98EA5B3E9CA7DD7CC14C13535E55C88686872,IMPHASH=D7E2FD259780271687FFCA462B9E69B7': 0.0}
- Person4:
{'MD5=6915F430B0C93840A1B3212B8F82F99A,SHA256=0AFB8A266A27B6A9B863D78A2B8087FA2D1CE5AB5B412B645B8377ABF2DD3E68,IMPHASH=00000000000000000000000000000000': 0, 'MD5=D2E7685A60E27FA8408AC96336CA77A0,SHA256=E3E800946E4B1EE146F942CDFDA27B8C94B9DBABBDFD76B4515FB6BF00B9A888,IMPHASH=00000000000000000000000000000000': 0, 'MD5=56F6DC8E5B4D9F36F3F5732A5992E6A6,SHA256=8858955289BD86743B356DF90A8D45E608000973E66BE17CFBE9B70ADBD77209,IMPHASH=20DD26497880C05CAED9305B3C8B9109': 0, 'MD5=EFED1CD90742F6FCDDB8942DD21AC2AC,SHA256=F7D10A8020011B4D10C93F15B2526C63F9B4E4F793EB731CAB4B380D8AE6A313,IMPHASH=00000000000000000000000000000000': 0, 'MD5=BA446AFE6CE2341D9DDE43BD50DA7167,SHA256=E51CAD403CAFA19AE3D19B0B8B5F6AE61F7231047D8041CFF4CFED2F57D4100F,IMPHASH=00000000000000000000000000000000': 0, 'MD5=C978088F04B0D519F04D76E76FB42CD4,SHA256=C4CFC46F50D9A051EEC3375C14E61CFE8B1A0290CAF16DC161B64828BC34CA2A,IMPHASH=00000000000000000000000000000000': 0, 'MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913,IMPHASH=00000000000000000000000000000000': 0, 'MD5=592ED72E3636996BE037E7A26B595895,SHA256=583E892750B46FA7AA6E62FC8A324E4F34D9A7263B9D90CC0229DEEDC900B382,IMPHASH=00000000000000000000000000000000': 0, None: 0, 'MD5=5E732B01D021FEA585F0874407E6BE6C,SHA256=BCBBEAB9FDD35F9079A5E26A1E7156838364538B563A9B5DC1459F467D938CE2,IMPHASH=00000000000000000000000000000000': 0, 'MD5=452373E2C467C14220EFEB10F40C231F,SHA256=E5EA9F5646FE3CFF2621B61A55A98EA5B3E9CA7DD7CC14C13535E55C88686872,IMPHASH=D7E2FD259780271687FFCA462B9E69B7': 0}
- Person5:
{'MD5=6915F430B0C93840A1B3212B8F82F99A,SHA256=0AFB8A266A27B6A9B863D78A2B8087FA2D1CE5AB5B412B645B8377ABF2DD3E68,IMPHASH=00000000000000000000000000000000': 0.0005767012687427913, 'MD5=D2E7685A60E27FA8408AC96336CA77A0,SHA256=E3E800946E4B1EE146F942CDFDA27B8C94B9DBABBDFD76B4515FB6BF00B9A888,IMPHASH=00000000000000000000000000000000': 0.0005767012687427913, 'MD5=56F6DC8E5B4D9F36F3F5732A5992E6A6,SHA256=8858955289BD86743B356DF90A8D45E608000973E66BE17CFBE9B70ADBD77209,IMPHASH=20DD26497880C05CAED9305B3C8B9109': 0.0017301038062283738, 'MD5=EFED1CD90742F6FCDDB8942DD21AC2AC,SHA256=F7D10A8020011B4D10C93F15B2526C63F9B4E4F793EB731CAB4B380D8AE6A313,IMPHASH=00000000000000000000000000000000': 0.0005767012687427913, 'MD5=BA446AFE6CE2341D9DDE43BD50DA7167,SHA256=E51CAD403CAFA19AE3D19B0B8B5F6AE61F7231047D8041CFF4CFED2F57D4100F,IMPHASH=00000000000000000000000000000000': 0.0, 'MD5=C978088F04B0D519F04D76E76FB42CD4,SHA256=C4CFC46F50D9A051EEC3375C14E61CFE8B1A0290CAF16DC161B64828BC34CA2A,IMPHASH=00000000000000000000000000000000': 0.0, 'MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913,IMPHASH=00000000000000000000000000000000': 0.0011534025374855825, 'MD5=592ED72E3636996BE037E7A26B595895,SHA256=583E892750B46FA7AA6E62FC8A324E4F34D9A7263B9D90CC0229DEEDC900B382,IMPHASH=00000000000000000000000000000000': 0.0, None: 0.9930795847750865, 'MD5=5E732B01D021FEA585F0874407E6BE6C,SHA256=BCBBEAB9FDD35F9079A5E26A1E7156838364538B563A9B5DC1459F467D938CE2,IMPHASH=00000000000000000000000000000000': 0.0005767012687427913, 'MD5=452373E2C467C14220EFEB10F40C231F,SHA256=E5EA9F5646FE3CFF2621B61A55A98EA5B3E9CA7DD7CC14C13535E55C88686872,IMPHASH=D7E2FD259780271687FFCA462B9E69B7': 0.0017301038062283738}
- Person6:
{'MD5=6915F430B0C93840A1B3212B8F82F99A,SHA256=0AFB8A266A27B6A9B863D78A2B8087FA2D1CE5AB5B412B645B8377ABF2DD3E68,IMPHASH=00000000000000000000000000000000': 0, 'MD5=D2E7685A60E27FA8408AC96336CA77A0,SHA256=E3E800946E4B1EE146F942CDFDA27B8C94B9DBABBDFD76B4515FB6BF00B9A888,IMPHASH=00000000000000000000000000000000': 0, 'MD5=56F6DC8E5B4D9F36F3F5732A5992E6A6,SHA256=8858955289BD86743B356DF90A8D45E608000973E66BE17CFBE9B70ADBD77209,IMPHASH=20DD26497880C05CAED9305B3C8B9109': 0, 'MD5=EFED1CD90742F6FCDDB8942DD21AC2AC,SHA256=F7D10A8020011B4D10C93F15B2526C63F9B4E4F793EB731CAB4B380D8AE6A313,IMPHASH=00000000000000000000000000000000': 0, 'MD5=BA446AFE6CE2341D9DDE43BD50DA7167,SHA256=E51CAD403CAFA19AE3D19B0B8B5F6AE61F7231047D8041CFF4CFED2F57D4100F,IMPHASH=00000000000000000000000000000000': 0, 'MD5=C978088F04B0D519F04D76E76FB42CD4,SHA256=C4CFC46F50D9A051EEC3375C14E61CFE8B1A0290CAF16DC161B64828BC34CA2A,IMPHASH=00000000000000000000000000000000': 0, 'MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913,IMPHASH=00000000000000000000000000000000': 0, 'MD5=592ED72E3636996BE037E7A26B595895,SHA256=583E892750B46FA7AA6E62FC8A324E4F34D9A7263B9D90CC0229DEEDC900B382,IMPHASH=00000000000000000000000000000000': 0, None: 0, 'MD5=5E732B01D021FEA585F0874407E6BE6C,SHA256=BCBBEAB9FDD35F9079A5E26A1E7156838364538B563A9B5DC1459F467D938CE2,IMPHASH=00000000000000000000000000000000': 0, 'MD5=452373E2C467C14220EFEB10F40C231F,SHA256=E5EA9F5646FE3CFF2621B61A55A98EA5B3E9CA7DD7CC14C13535E55C88686872,IMPHASH=D7E2FD259780271687FFCA462B9E69B7': 0}
# event_data.TargetUserName
- Person1:
{'NS': 0.022267206477732792, 'WDAGUtilityAccount': 0.0020242914979757085, 'Administrator': 0.004048582995951417, 'DWM-1': 0.0, 'SYSTEM': 0.05263157894736842, 'Backup Operators': 0.0, None: 0.9068825910931174, 'DefaultAccount': 0.0020242914979757085, 'Guest': 0.010121457489878543, 'Administrators': 0.0}
- Person2:
{'NS': 0.00992063492063492, 'WDAGUtilityAccount': 0.0, 'Administrator': 0.0, 'DWM-1': 0.0, 'SYSTEM': 0.031746031746031744, 'Backup Operators': 0.0, None: 0.9583333333333334, 'DefaultAccount': 0.0, 'Guest': 0.0, 'Administrators': 0.0}
- Person3:
{'NS': 0.0008254230293025176, 'WDAGUtilityAccount': 0.0, 'Administrator': 0.0002063557573256294, 'DWM-1': 0.0, 'SYSTEM': 0.006190672719768881, 'Backup Operators': 0.0010317787866281469, None: 0.9898885678910442, 'DefaultAccount': 0.0, 'Guest': 0.0008254230293025176, 'Administrators': 0.0010317787866281469}
- Person4:
{'NS': 0.003067484662576687, 'WDAGUtilityAccount': 0.0, 'Administrator': 0.0015337423312883436, 'DWM-1': 0.007668711656441718, 'SYSTEM': 0.03834355828220859, 'Backup Operators': 0.0, None: 0.9432515337423313, 'DefaultAccount': 0.0, 'Guest': 0.006134969325153374, 'Administrators': 0.0}
- Person5:
{'NS': 0.006343713956170703, 'WDAGUtilityAccount': 0.03229527104959631, 'Administrator': 0.0328719723183391, 'DWM-1': 0.0, 'SYSTEM': 0.02306805074971165, 'Backup Operators': 0.00461361014994233, None: 0.8292964244521338, 'DefaultAccount': 0.03229527104959631, 'Guest': 0.03460207612456748, 'Administrators': 0.00461361014994233}
- Person6:
{'NS': 0.0, 'WDAGUtilityAccount': 0.0, 'Administrator': 0.0, 'DWM-1': 0.0, 'SYSTEM': 0.01532033426183844, 'Backup Operators': 0.0, None: 0.9846796657381616, 'DefaultAccount': 0.0, 'Guest': 0.0, 'Administrators': 0.0}
# event_data.TargetDomainName
- Person1:
{'DESKTOP-P84STH6': 0.04048582995951417, 'Builtin': 0.0, None: 0.9068825910931174, 'Window Manager': 0.0, 'NT AUTHORITY': 0.05263157894736842}
- Person2:
{'DESKTOP-P84STH6': 0.00992063492063492, 'Builtin': 0.0, None: 0.9583333333333334, 'Window Manager': 0.0, 'NT AUTHORITY': 0.031746031746031744}
- Person3:
{'DESKTOP-P84STH6': 0.0018572018159306646, 'Builtin': 0.0020635575732562937, None: 0.9898885678910442, 'Window Manager': 0.0, 'NT AUTHORITY': 0.006190672719768881}
- Person4:
{'DESKTOP-P84STH6': 0.010736196319018405, 'Builtin': 0.0, None: 0.9432515337423313, 'Window Manager': 0.007668711656441718, 'NT AUTHORITY': 0.03834355828220859}
- Person5:
{'DESKTOP-P84STH6': 0.1384083044982699, 'Builtin': 0.00922722029988466, None: 0.8292964244521338, 'Window Manager': 0.0, 'NT AUTHORITY': 0.02306805074971165}
- Person6:
{'DESKTOP-P84STH6': 0.0, 'Builtin': 0.0, None: 0.9846796657381616, 'Window Manager': 0.0, 'NT AUTHORITY': 0.01532033426183844}
# event_data.LogonProcessName
- Person1:
{None: 0.9412955465587044, 'Advapi\n\t\t\t': 0.05465587044534413, 'Advapi ': 0.0, 'User32\n\t\t\t': 0.004048582995951417}
- Person2:
{None: 0.9662698412698413, 'Advapi\n\t\t\t': 0.03373015873015873, 'Advapi ': 0.0, 'User32\n\t\t\t': 0.0}
- Person3:
{None: 0.9936029715229054, 'Advapi\n\t\t\t': 0.0, 'Advapi ': 0.0063970284770945105, 'User32\n\t\t\t': 0.0}
- Person4:
{None: 0.9585889570552147, 'Advapi\n\t\t\t': 0.04141104294478527, 'Advapi ': 0.0, 'User32\n\t\t\t': 0.0}
- Person5:
{None: 0.97520184544406, 'Advapi\n\t\t\t': 0.0, 'Advapi ': 0.024798154555940023, 'User32\n\t\t\t': 0.0}
- Person6:
{None: 0.9846796657381616, 'Advapi\n\t\t\t': 0.0, 'Advapi ': 0.01532033426183844, 'User32\n\t\t\t': 0.0}
# event_data.TargetUserSid
- Person1:
{'S-1-5-18': 0.05263157894736842, 'S-1-5-90-0-1': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.008097165991902834, 'S-1-0-0': 0.0020242914979757085, None: 0.937246963562753}
- Person2:
{'S-1-5-18': 0.031746031746031744, 'S-1-5-90-0-1': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.0, 'S-1-0-0': 0.001984126984126984, None: 0.9662698412698413}
- Person3:
{'S-1-5-18': 0.006190672719768881, 'S-1-5-90-0-1': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.0, 'S-1-0-0': 0.0002063557573256294, None: 0.9936029715229054}
- Person4:
{'S-1-5-18': 0.03834355828220859, 'S-1-5-90-0-1': 0.006134969325153374, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.0, 'S-1-0-0': 0.0, None: 0.9555214723926381}
- Person5:
{'S-1-5-18': 0.02306805074971165, 'S-1-5-90-0-1': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.0, 'S-1-0-0': 0.0017301038062283738, None: 0.97520184544406}
- Person6:
{'S-1-5-18': 0.01532033426183844, 'S-1-5-90-0-1': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.0, 'S-1-0-0': 0.0, None: 0.9846796657381616}
# event_data.TargetSid
- Person1:
{'S-1-5-32-551': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.010121457489878543, 'S-1-5-32-544': 0.0, None: 0.9817813765182186, 'S-1-5-21-223836497-1760142647-788189203-501': 0.008097165991902834}
- Person2:
{'S-1-5-32-551': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.007936507936507936, 'S-1-5-32-544': 0.0, None: 0.9920634920634921, 'S-1-5-21-223836497-1760142647-788189203-501': 0.0}
- Person3:
{'S-1-5-32-551': 0.0010317787866281469, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.0006190672719768881, 'S-1-5-32-544': 0.0010317787866281469, None: 0.9964919521254643, 'S-1-5-21-223836497-1760142647-788189203-501': 0.0008254230293025176}
- Person4:
{'S-1-5-32-551': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.003067484662576687, 'S-1-5-32-544': 0.0, None: 0.99079754601227, 'S-1-5-21-223836497-1760142647-788189203-501': 0.006134969325153374}
- Person5:
{'S-1-5-32-551': 0.00461361014994233, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.00461361014994233, 'S-1-5-32-544': 0.00461361014994233, None: 0.9838523644752019, 'S-1-5-21-223836497-1760142647-788189203-501': 0.002306805074971165}
- Person6:
{'S-1-5-32-551': 0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0, 'S-1-5-32-544': 0, None: 0, 'S-1-5-21-223836497-1760142647-788189203-501': 0}
# event_data.Type
- Person1:
{None: 0.9878542510121457, '0': 0.012145748987854251, '1': 0.0}
- Person2:
{None: 0.9682539682539683, '0': 0.031746031746031744, '1': 0.0}
- Person3:
{None: 0.9987618654560462, '0': 0.0012381345439537762, '1': 0.0}
- Person4:
{None: 0.9601226993865031, '0': 0.03834355828220859, '1': 0.0015337423312883436}
- Person5:
{None: 0.7895040369088812, '0': 0.05074971164936563, '1': 0.15974625144175317}
- Person6:
{None: 0.967966573816156, '0': 0.03203342618384401, '1': 0.0}
# event_data.AuthenticationPackageName
- Person1:
{None: 0.9412955465587044, 'Negotiate': 0.058704453441295545}
- Person2:
{None: 0.9662698412698413, 'Negotiate': 0.03373015873015873}
- Person3:
{None: 0.9936029715229054, 'Negotiate': 0.0063970284770945105}
- Person4:
{None: 0.9585889570552147, 'Negotiate': 0.04141104294478527}
- Person5:
{None: 0.97520184544406, 'Negotiate': 0.024798154555940023}
- Person6:
{None: 0.9846796657381616, 'Negotiate': 0.01532033426183844}
# event_data.SourceImage
- Person1:
{'C:\\Users\\NS\\Desktop\\âtâìâôâgâëâCâô\\âtâìâôâgâëâCâô.exe': 0, 'C:\\Windows\\System32\\VBoxTray.exe': 0, 'C:\\Program Files (x86)\\CartmansAuthoritah\\SouthPark.exe': 0, 'C:\\Users\\NS\\Desktop\\block130.exe': 0, None: 0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0}
- Person2:
{'C:\\Users\\NS\\Desktop\\âtâìâôâgâëâCâô\\âtâìâôâgâëâCâô.exe': 0.0, 'C:\\Windows\\System32\\VBoxTray.exe': 0.007936507936507936, 'C:\\Program Files (x86)\\CartmansAuthoritah\\SouthPark.exe': 0.0, 'C:\\Users\\NS\\Desktop\\block130.exe': 0.0, None: 0.9920634920634921, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0.0}
- Person3:
{'C:\\Users\\NS\\Desktop\\âtâìâôâgâëâCâô\\âtâìâôâgâëâCâô.exe': 0, 'C:\\Windows\\System32\\VBoxTray.exe': 0, 'C:\\Program Files (x86)\\CartmansAuthoritah\\SouthPark.exe': 0, 'C:\\Users\\NS\\Desktop\\block130.exe': 0, None: 0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0}
- Person4:
{'C:\\Users\\NS\\Desktop\\âtâìâôâgâëâCâô\\âtâìâôâgâëâCâô.exe': 0.006134969325153374, 'C:\\Windows\\System32\\VBoxTray.exe': 0.019938650306748466, 'C:\\Program Files (x86)\\CartmansAuthoritah\\SouthPark.exe': 0.015337423312883436, 'C:\\Users\\NS\\Desktop\\block130.exe': 0.006134969325153374, None: 0.950920245398773, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0.0015337423312883436}
- Person5:
{'C:\\Users\\NS\\Desktop\\âtâìâôâgâëâCâô\\âtâìâôâgâëâCâô.exe': 0, 'C:\\Windows\\System32\\VBoxTray.exe': 0, 'C:\\Program Files (x86)\\CartmansAuthoritah\\SouthPark.exe': 0, 'C:\\Users\\NS\\Desktop\\block130.exe': 0, None: 0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0}
- Person6:
{'C:\\Users\\NS\\Desktop\\âtâìâôâgâëâCâô\\âtâìâôâgâëâCâô.exe': 0, 'C:\\Windows\\System32\\VBoxTray.exe': 0, 'C:\\Program Files (x86)\\CartmansAuthoritah\\SouthPark.exe': 0, 'C:\\Users\\NS\\Desktop\\block130.exe': 0, None: 0, 'C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe': 0}
# event_data.CountOfCredentialsReturned
- Person1:
{None: 0.9878542510121457, '1': 0.004048582995951417, '0': 0.008097165991902834}
- Person2:
{None: 0.9682539682539683, '1': 0.005952380952380952, '0': 0.025793650793650792}
- Person3:
{None: 0.9987618654560462, '1': 0.0004127115146512588, '0': 0.0008254230293025176}
- Person4:
{None: 0.9601226993865031, '1': 0.007668711656441718, '0': 0.032208588957055216}
- Person5:
{None: 0.7895040369088812, '1': 0.16897347174163782, '0': 0.04152249134948097}
- Person6:
{None: 0.967966573816156, '1': 0.005571030640668524, '0': 0.026462395543175487}
# event_data.StartAddress
- Person1:
{None: 0, '0xFFFFF661C9312460': 0, '0xFFFFA70BEBC32460': 0}
- Person2:
{None: 0.9920634920634921, '0xFFFFF661C9312460': 0.0, '0xFFFFA70BEBC32460': 0.007936507936507936}
- Person3:
{None: 0, '0xFFFFF661C9312460': 0, '0xFFFFA70BEBC32460': 0}
- Person4:
{None: 0.950920245398773, '0xFFFFF661C9312460': 0.049079754601226995, '0xFFFFA70BEBC32460': 0.0}
- Person5:
{None: 0, '0xFFFFF661C9312460': 0, '0xFFFFA70BEBC32460': 0}
- Person6:
{None: 0, '0xFFFFF661C9312460': 0, '0xFFFFA70BEBC32460': 0}
# event_data.WorkstationName
- Person1:
{None: 0.9412955465587044, 'DESKTOP-P84STH6': 0.006072874493927126, '-': 0.05263157894736842}
- Person2:
{None: 0.9662698412698413, 'DESKTOP-P84STH6': 0.001984126984126984, '-': 0.031746031746031744}
- Person3:
{None: 0.9936029715229054, 'DESKTOP-P84STH6': 0.0002063557573256294, '-': 0.006190672719768881}
- Person4:
{None: 0.9585889570552147, 'DESKTOP-P84STH6': 0.0, '-': 0.04141104294478527}
- Person5:
{None: 0.97520184544406, 'DESKTOP-P84STH6': 0.0017301038062283738, '-': 0.02306805074971165}
- Person6:
{None: 0.9846796657381616, 'DESKTOP-P84STH6': 0.0, '-': 0.01532033426183844}
# event_data.TargetImage
- Person1:
{None: 0, 'C:\\Windows\\System32\\csrss.exe': 0}
- Person2:
{None: 0.9920634920634921, 'C:\\Windows\\System32\\csrss.exe': 0.007936507936507936}
- Person3:
{None: 0, 'C:\\Windows\\System32\\csrss.exe': 0}
- Person4:
{None: 0.950920245398773, 'C:\\Windows\\System32\\csrss.exe': 0.049079754601226995}
- Person5:
{None: 0, 'C:\\Windows\\System32\\csrss.exe': 0}
- Person6:
{None: 0, 'C:\\Windows\\System32\\csrss.exe': 0}
# event_data.StartModule
- Person1:
{None: 0}
- Person2:
{None: 1.0}
- Person3:
{None: 0}
- Person4:
{None: 1.0}
- Person5:
{None: 0}
- Person6:
{None: 0}
# system.Security.UserID
- Person1:
{None: 0.16396761133603238, 'S-1-5-18': 0.8360323886639676}
- Person2:
{None: 0.10515873015873016, 'S-1-5-18': 0.8948412698412699}
- Person3:
{None: 0.9201403219149814, 'S-1-5-18': 0.07985967808501858}
- Person4:
{None: 0.5230061349693251, 'S-1-5-18': 0.47699386503067487}
- Person5:
{None: 0.41061130334486734, 'S-1-5-18': 0.5893886966551326}
- Person6:
{None: 0.06545961002785515, 'S-1-5-18': 0.9345403899721448}
# event_data.TargetProcessGuid
- Person1:
{None: 0, '{5d3d98af-2633-5ec2-0000-001082560000}': 0, '{5d3d98af-2583-5ec2-0000-001006560000}': 0}
- Person2:
{None: 0.9920634920634921, '{5d3d98af-2633-5ec2-0000-001082560000}': 0.0, '{5d3d98af-2583-5ec2-0000-001006560000}': 0.007936507936507936}
- Person3:
{None: 0, '{5d3d98af-2633-5ec2-0000-001082560000}': 0, '{5d3d98af-2583-5ec2-0000-001006560000}': 0}
- Person4:
{None: 0.950920245398773, '{5d3d98af-2633-5ec2-0000-001082560000}': 0.049079754601226995, '{5d3d98af-2583-5ec2-0000-001006560000}': 0.0}
- Person5:
{None: 0, '{5d3d98af-2633-5ec2-0000-001082560000}': 0, '{5d3d98af-2583-5ec2-0000-001006560000}': 0}
- Person6:
{None: 0, '{5d3d98af-2633-5ec2-0000-001082560000}': 0, '{5d3d98af-2583-5ec2-0000-001006560000}': 0}
# event_data.TargetProcessId
- Person1:
{None: 0, '544': 0, '536': 0}
- Person2:
{None: 0.9920634920634921, '544': 0.007936507936507936, '536': 0.0}
- Person3:
{None: 0, '544': 0, '536': 0}
- Person4:
{None: 0.950920245398773, '544': 0.0, '536': 0.049079754601226995}
- Person5:
{None: 0, '544': 0, '536': 0}
- Person6:
{None: 0, '544': 0, '536': 0}
# event_data.Company
- Person1:
{'Adobe': 0.004048582995951417, 'The Wireshark developer community, https://www.wireshark.org/': 0.0020242914979757085, 'The Document Foundation': 0.020242914979757085, 'Bloodshed Software': 0.0, 'Google': 0.0, 'Microsoft Corp.': 0.004048582995951417, 'Python Software Foundation': 0.0, 'Microsoft Corporation ': 0.0, 'The Wireshark developer community': 0.010121457489878543, 'Microsoft Corporation': 0.17813765182186234, None: 0.7753036437246964, 'Google LLC': 0.004048582995951417, '?': 0.0020242914979757085}
- Person2:
{'Adobe': 0.0, 'The Wireshark developer community, https://www.wireshark.org/': 0.0, 'The Document Foundation': 0.0, 'Bloodshed Software': 0.001984126984126984, 'Google': 0.007936507936507936, 'Microsoft Corp.': 0.003968253968253968, 'Python Software Foundation': 0.0, 'Microsoft Corporation ': 0.0, 'The Wireshark developer community': 0.001984126984126984, 'Microsoft Corporation': 0.08928571428571429, None: 0.6507936507936508, 'Google LLC': 0.003968253968253968, '?': 0.2400793650793651}
- Person3:
{'Adobe': 0.0, 'The Wireshark developer community, https://www.wireshark.org/': 0.0, 'The Document Foundation': 0.0, 'Bloodshed Software': 0.0, 'Google': 0.0, 'Microsoft Corp.': 0.0002063557573256294, 'Python Software Foundation': 0.0, 'Microsoft Corporation ': 0.0, 'The Wireshark developer community': 0.0002063557573256294, 'Microsoft Corporation': 0.01300041271151465, None: 0.9859678085018572, 'Google LLC': 0.0006190672719768881, '?': 0.0}
- Person4:
{'Adobe': 0.003067484662576687, 'The Wireshark developer community, https://www.wireshark.org/': 0.0, 'The Document Foundation': 0.0, 'Bloodshed Software': 0.0, 'Google': 0.0, 'Microsoft Corp.': 0.0, 'Python Software Foundation': 0.0, 'Microsoft Corporation ': 0.0, 'The Wireshark developer community': 0.0015337423312883436, 'Microsoft Corporation': 0.06288343558282208, None: 0.9095092024539877, 'Google LLC': 0.0, '?': 0.023006134969325152}
- Person5:
{'Adobe': 0.0, 'The Wireshark developer community, https://www.wireshark.org/': 0.0, 'The Document Foundation': 0.0, 'Bloodshed Software': 0.0, 'Google': 0.0, 'Microsoft Corp.': 0.002306805074971165, 'Python Software Foundation': 0.006343713956170703, 'Microsoft Corporation ': 0.0011534025374855825, 'The Wireshark developer community': 0.0005767012687427913, 'Microsoft Corporation': 0.07151095732410612, None: 0.9117647058823529, 'Google LLC': 0.0034602076124567475, '?': 0.0028835063437139563}
- Person6:
{'Adobe': 0.0, 'The Wireshark developer community, https://www.wireshark.org/': 0.001392757660167131, 'The Document Foundation': 0.0, 'Bloodshed Software': 0.0, 'Google': 0.0, 'Microsoft Corp.': 0.002785515320334262, 'Python Software Foundation': 0.0, 'Microsoft Corporation ': 0.0, 'The Wireshark developer community': 0.006963788300835654, 'Microsoft Corporation': 0.07381615598885793, None: 0.9108635097493036, 'Google LLC': 0.002785515320334262, '?': 0.001392757660167131}
# event_data.TargetLinkedLogonId
- Person1:
{'0x413b56': 0.0, '0x0': 0.05263157894736842, '0x57796e': 0.0020242914979757085, '0x57794c': 0.0020242914979757085, '0x413b3b': 0.0, None: 0.9433198380566802}
- Person2:
{'0x413b56': 0.0, '0x0': 0.031746031746031744, '0x57796e': 0.0, '0x57794c': 0.0, '0x413b3b': 0.0, None: 0.9682539682539683}
- Person3:
{'0x413b56': 0.0, '0x0': 0.006190672719768881, '0x57796e': 0.0, '0x57794c': 0.0, '0x413b3b': 0.0, None: 0.9938093272802311}
- Person4:
{'0x413b56': 0.0015337423312883436, '0x0': 0.03834355828220859, '0x57796e': 0.0, '0x57794c': 0.0, '0x413b3b': 0.0015337423312883436, None: 0.9585889570552147}
- Person5:
{'0x413b56': 0.0, '0x0': 0.02306805074971165, '0x57796e': 0.0, '0x57794c': 0.0, '0x413b3b': 0.0, None: 0.9769319492502884}
- Person6:
{'0x413b56': 0.0, '0x0': 0.01532033426183844, '0x57796e': 0.0, '0x57794c': 0.0, '0x413b3b': 0.0, None: 0.9846796657381616}
# event_data.SubjectDomainName
- Person1:
{'DESKTOP-P84STH6': 0.038461538461538464, 'Window Manager': 0.0, 'WORKGROUP': 0.06680161943319839, None: 0.840080971659919, 'NT AUTHORITY': 0.05465587044534413}
- Person2:
{'DESKTOP-P84STH6': 0.03571428571428571, 'Window Manager': 0.0, 'WORKGROUP': 0.037698412698412696, None: 0.8948412698412699, 'NT AUTHORITY': 0.031746031746031744}
- Person3:
{'DESKTOP-P84STH6': 0.0024762690879075525, 'Window Manager': 0.0, 'WORKGROUP': 0.9114733801073049, None: 0.07985967808501858, 'NT AUTHORITY': 0.006190672719768881}
- Person4:
{'DESKTOP-P84STH6': 0.03067484662576687, 'Window Manager': 0.013803680981595092, 'WORKGROUP': 0.05521472392638037, None: 0.8619631901840491, 'NT AUTHORITY': 0.03834355828220859}
- Person5:
{'DESKTOP-P84STH6': 0.32006920415224915, 'Window Manager': 0.0, 'WORKGROUP': 0.05478662053056517, None: 0.5893886966551326, 'NT AUTHORITY': 0.03575547866205306}
- Person6:
{'DESKTOP-P84STH6': 0.019498607242339833, 'Window Manager': 0.0, 'WORKGROUP': 0.02924791086350975, None: 0.9345403899721448, 'NT AUTHORITY': 0.016713091922005572}
# event_data.Protocol
- Person1:
{None: 0, 'tcp': 0}
- Person2:
{None: 0, 'tcp': 0}
- Person3:
{None: 0, 'tcp': 0}
- Person4:
{None: 0, 'tcp': 0}
- Person5:
{None: 0.9175317185697809, 'tcp': 0.08246828143021914}
- Person6:
{None: 0, 'tcp': 0}
# event_data.IpAddress
- Person1:
{None: 0.9392712550607287, '127.0.0.1': 0.006072874493927126, '-': 0.05465587044534413}
- Person2:
{None: 0.9662698412698413, '127.0.0.1': 0.0, '-': 0.03373015873015873}
- Person3:
{None: 0.9936029715229054, '127.0.0.1': 0.0, '-': 0.0063970284770945105}
- Person4:
{None: 0.9570552147239264, '127.0.0.1': 0.0, '-': 0.04294478527607362}
- Person5:
{None: 0.97520184544406, '127.0.0.1': 0.0, '-': 0.024798154555940023}
- Person6:
{None: 0.9846796657381616, '127.0.0.1': 0.0, '-': 0.01532033426183844}
# event_data.DestinationPort
- Person1:
{None: 0, '8080': 0, '443': 0}
- Person2:
{None: 0, '8080': 0, '443': 0}
- Person3:
{None: 0, '8080': 0, '443': 0}
- Person4:
{None: 0, '8080': 0, '443': 0}
- Person5:
{None: 0.9175317185697809, '8080': 0.06113033448673587, '443': 0.021337946943483274}
- Person6:
{None: 0, '8080': 0, '443': 0}
# event_data.TransmittedServices
- Person1:
{None: 0.9412955465587044, '-': 0.058704453441295545}
- Person2:
{None: 0.9662698412698413, '-': 0.03373015873015873}
- Person3:
{None: 0.9936029715229054, '-': 0.0063970284770945105}
- Person4:
{None: 0.9585889570552147, '-': 0.04141104294478527}
- Person5:
{None: 0.97520184544406, '-': 0.024798154555940023}
- Person6:
{None: 0.9846796657381616, '-': 0.01532033426183844}
# event_data.ReturnCode
- Person1:
{None: 0.9878542510121457, '0': 0.004048582995951417, '0x0': 0.0, '3221226021': 0.008097165991902834}
- Person2:
{None: 0.9682539682539683, '0': 0.005952380952380952, '0x0': 0.0, '3221226021': 0.025793650793650792}
- Person3:
{None: 0.9987618654560462, '0': 0.0004127115146512588, '0x0': 0.0, '3221226021': 0.0008254230293025176}
- Person4:
{None: 0.9570552147239264, '0': 0.006134969325153374, '0x0': 0.003067484662576687, '3221226021': 0.03374233128834356}
- Person5:
{None: 0.78719723183391, '0': 0.00922722029988466, '0x0': 0.002306805074971165, '3221226021': 0.20126874279123413}
- Person6:
{None: 0.967966573816156, '0': 0.005571030640668524, '0x0': 0.0, '3221226021': 0.026462395543175487}
# event_data.QueryStatus
- Person1:
{'0': 0.19838056680161945, '9501': 0.0020242914979757085, '123': 0.038461538461538464, '9003': 0.0, '1460': 0.0020242914979757085, '9701': 0.006072874493927126, None: 0.7510121457489879, '9852': 0.0020242914979757085, '9002': 0.0}
- Person2:
{'0': 0.25, '9501': 0.0, '123': 0.021825396825396824, '9003': 0.001984126984126984, '1460': 0.0, '9701': 0.0, None: 0.7261904761904762, '9852': 0.0, '9002': 0.0}
- Person3:
{'0': 0.0175402393726785, '9501': 0.0, '123': 0.002888980602558811, '9003': 0.0, '1460': 0.0, '9701': 0.0, None: 0.9795707800247627, '9852': 0.0, '9002': 0.0}
- Person4:
{'0': 0.20552147239263804, '9501': 0.0, '123': 0.0015337423312883436, '9003': 0.003067484662576687, '1460': 0.0, '9701': 0.009202453987730062, None: 0.7806748466257669, '9852': 0.0, '9002': 0.0}
- Person5:
{'0': 0.040945790080738176, '9501': 0.0, '123': 0.00980392156862745, '9003': 0.0017301038062283738, '1460': 0.0, '9701': 0.0, None: 0.947520184544406, '9852': 0.0, '9002': 0.0}
- Person6:
{'0': 0.6030640668523677, '9501': 0.0, '123': 0.019498607242339833, '9003': 0.009749303621169917, '1460': 0.0, '9701': 0.0, None: 0.36629526462395545, '9852': 0.0, '9002': 0.001392757660167131}
# event_data.SubjectUserName
- Person1:
{'NS': 0.038461538461538464, 'DWM-1': 0.0, 'SYSTEM': 0.05263157894736842, 'DESKTOP-P84STH6$': 0.06680161943319839, None: 0.840080971659919, 'LOCAL SERVICE': 0.0020242914979757085}
- Person2:
{'NS': 0.03571428571428571, 'DWM-1': 0.0, 'SYSTEM': 0.031746031746031744, 'DESKTOP-P84STH6$': 0.037698412698412696, None: 0.8948412698412699, 'LOCAL SERVICE': 0.0}
- Person3:
{'NS': 0.0024762690879075525, 'DWM-1': 0.0, 'SYSTEM': 0.006190672719768881, 'DESKTOP-P84STH6$': 0.9114733801073049, None: 0.07985967808501858, 'LOCAL SERVICE': 0.0}
- Person4:
{'NS': 0.03067484662576687, 'DWM-1': 0.013803680981595092, 'SYSTEM': 0.03834355828220859, 'DESKTOP-P84STH6$': 0.05521472392638037, None: 0.8619631901840491, 'LOCAL SERVICE': 0.0}
- Person5:
{'NS': 0.32006920415224915, 'DWM-1': 0.0, 'SYSTEM': 0.02306805074971165, 'DESKTOP-P84STH6$': 0.05478662053056517, None: 0.5893886966551326, 'LOCAL SERVICE': 0.012687427912341407}
- Person6:
{'NS': 0.019498607242339833, 'DWM-1': 0.0, 'SYSTEM': 0.01532033426183844, 'DESKTOP-P84STH6$': 0.02924791086350975, None: 0.9345403899721448, 'LOCAL SERVICE': 0.001392757660167131}
# event_data.ImpersonationLevel
- Person1:
{None: 0.9433198380566802, '%%1833': 0.05668016194331984}
- Person2:
{None: 0.9682539682539683, '%%1833': 0.031746031746031744}
- Person3:
{None: 0.9938093272802311, '%%1833': 0.006190672719768881}
- Person4:
{None: 0.9585889570552147, '%%1833': 0.04141104294478527}
- Person5:
{None: 0.9769319492502884, '%%1833': 0.02306805074971165}
- Person6:
{None: 0.9846796657381616, '%%1833': 0.01532033426183844}
# event_data.ReadOperation
- Person1:
{None: 0.9878542510121457, '%%8099': 0.0, '%%8100': 0.012145748987854251}
- Person2:
{None: 0.9682539682539683, '%%8099': 0.0, '%%8100': 0.031746031746031744}
- Person3:
{None: 0.9987618654560462, '%%8099': 0.0, '%%8100': 0.0012381345439537762}
- Person4:
{None: 0.9601226993865031, '%%8099': 0.0015337423312883436, '%%8100': 0.03834355828220859}
- Person5:
{None: 0.7895040369088812, '%%8099': 0.15974625144175317, '%%8100': 0.05074971164936563}
- Person6:
{None: 0.967966573816156, '%%8099': 0.0, '%%8100': 0.03203342618384401}
# event_data.Initiated
- Person1:
{None: 0, 'false': 0, 'true': 0}
- Person2:
{None: 0, 'false': 0, 'true': 0}
- Person3:
{None: 0, 'false': 0, 'true': 0}
- Person4:
{None: 0, 'false': 0, 'true': 0}
- Person5:
{None: 0.9175317185697809, 'false': 0.030565167243367934, 'true': 0.05190311418685121}
- Person6:
{None: 0, 'false': 0, 'true': 0}
# event_data.SourceHostname
- Person1:
{None: 0, 'DESKTOP-P84STH6': 0}
- Person2:
{None: 0, 'DESKTOP-P84STH6': 0}
- Person3:
{None: 0, 'DESKTOP-P84STH6': 0}
- Person4:
{None: 0, 'DESKTOP-P84STH6': 0}
- Person5:
{None: 0.9175317185697809, 'DESKTOP-P84STH6': 0.08246828143021914}
- Person6:
{None: 0, 'DESKTOP-P84STH6': 0}
# event_data.TargetLogonId
- Person1:
{'0x413b56': 0.0, '0x3e7': 0.05263157894736842, '0xc57e': 0.0, '0x57796e': 0.004048582995951417, '0x57794c': 0.004048582995951417, '0xc5b0': 0.0, '0x413b3b': 0.0, None: 0.9392712550607287}
- Person2:
{'0x413b56': 0.0, '0x3e7': 0.031746031746031744, '0xc57e': 0.0, '0x57796e': 0.0, '0x57794c': 0.0, '0xc5b0': 0.0, '0x413b3b': 0.0, None: 0.9682539682539683}
- Person3:
{'0x413b56': 0.0, '0x3e7': 0.006190672719768881, '0xc57e': 0.0, '0x57796e': 0.0, '0x57794c': 0.0, '0xc5b0': 0.0, '0x413b3b': 0.0, None: 0.9938093272802311}
- Person4:
{'0x413b56': 0.0015337423312883436, '0x3e7': 0.03834355828220859, '0xc57e': 0.0015337423312883436, '0x57796e': 0.0, '0x57794c': 0.0, '0xc5b0': 0.0015337423312883436, '0x413b3b': 0.0015337423312883436, None: 0.9555214723926381}
- Person5:
{'0x413b56': 0.0, '0x3e7': 0.02306805074971165, '0xc57e': 0.0, '0x57796e': 0.0, '0x57794c': 0.0, '0xc5b0': 0.0, '0x413b3b': 0.0, None: 0.9769319492502884}
- Person6:
{'0x413b56': 0.0, '0x3e7': 0.01532033426183844, '0xc57e': 0.0, '0x57796e': 0.0, '0x57794c': 0.0, '0xc5b0': 0.0, '0x413b3b': 0.0, None: 0.9846796657381616}
# event_data.Operation
- Person1:
{None: 0, '%%2458': 0, '%%2480': 0}
- Person2:
{None: 0, '%%2458': 0, '%%2480': 0}
- Person3:
{None: 0, '%%2458': 0, '%%2480': 0}
- Person4:
{None: 0.9969325153374233, '%%2458': 0.0015337423312883436, '%%2480': 0.0015337423312883436}
- Person5:
{None: 0.9976931949250288, '%%2458': 0.0011534025374855825, '%%2480': 0.0011534025374855825}
- Person6:
{None: 0, '%%2458': 0, '%%2480': 0}
# event_data.EventType
- Person1:
{None: 0.8421052631578947, 'DeleteKey': 0.0020242914979757085, 'SetValue': 0.1396761133603239, 'DeleteValue': 0.016194331983805668}
- Person2:
{None: 0.9861111111111112, 'DeleteKey': 0.0, 'SetValue': 0.013888888888888888, 'DeleteValue': 0.0}
- Person3:
{None: 0.992777548493603, 'DeleteKey': 0.0, 'SetValue': 0.006603384234420141, 'DeleteValue': 0.0006190672719768881}
- Person4:
{None: 0.9401840490797546, 'DeleteKey': 0.0, 'SetValue': 0.0598159509202454, 'DeleteValue': 0.0}
- Person5:
{None: 0.884083044982699, 'DeleteKey': 0.0, 'SetValue': 0.11418685121107267, 'DeleteValue': 0.0017301038062283738}
- Person6:
{None: 0.9930362116991643, 'DeleteKey': 0.0, 'SetValue': 0.006963788300835654, 'DeleteValue': 0.0}
# event_data.IntegrityLevel
- Person1:
{'System': 0.1396761133603239, 'Medium': 0.07489878542510121, None: 0.7753036437246964, 'Low': 0.0020242914979757085, 'High': 0.008097165991902834}
- Person2:
{'System': 0.047619047619047616, 'Medium': 0.29365079365079366, None: 0.6507936507936508, 'Low': 0.001984126984126984, 'High': 0.005952380952380952}
- Person3:
{'System': 0.008666941807676434, 'Medium': 0.004333470903838217, None: 0.9851423854725547, 'Low': 0.0002063557573256294, 'High': 0.0016508460586050352}
- Person4:
{'System': 0.03680981595092025, 'Medium': 0.06441717791411043, None: 0.897239263803681, 'Low': 0.0, 'High': 0.0015337423312883436}
- Person5:
{'System': 0.04671280276816609, 'Medium': 0.03460207612456748, None: 0.9117647058823529, 'Low': 0.0028835063437139563, 'High': 0.004036908881199538}
- Person6:
{'System': 0.06267409470752089, 'Medium': 0.023676880222841225, None: 0.9052924791086351, 'Low': 0.0, 'High': 0.008356545961002786}
# event_data.LmPackageName
- Person1:
{None: 0.9412955465587044, '-': 0.058704453441295545}
- Person2:
{None: 0.9662698412698413, '-': 0.03373015873015873}
- Person3:
{None: 0.9936029715229054, '-': 0.0063970284770945105}
- Person4:
{None: 0.9585889570552147, '-': 0.04141104294478527}
- Person5:
{None: 0.97520184544406, '-': 0.024798154555940023}
- Person6:
{None: 0.9846796657381616, '-': 0.01532033426183844}
# event_data.SourceIp
- Person1:
{None: 0, '0:0:0:0:0:0:0:1': 0, '10.0.2.15': 0}
- Person2:
{None: 0, '0:0:0:0:0:0:0:1': 0, '10.0.2.15': 0}
- Person3:
{None: 0, '0:0:0:0:0:0:0:1': 0, '10.0.2.15': 0}
- Person4:
{None: 0, '0:0:0:0:0:0:0:1': 0, '10.0.2.15': 0}
- Person5:
{None: 0.9175317185697809, '0:0:0:0:0:0:0:1': 0.06113033448673587, '10.0.2.15': 0.021337946943483274}
- Person6:
{None: 0, '0:0:0:0:0:0:0:1': 0, '10.0.2.15': 0}
# event_data.Workstation
- Person1:
{None: 0.9898785425101214, 'DESKTOP-P84STH6': 0.010121457489878543}
- Person2:
{None: 0, 'DESKTOP-P84STH6': 0}
- Person3:
{None: 0.9997936442426744, 'DESKTOP-P84STH6': 0.0002063557573256294}
- Person4:
{None: 0.9984662576687117, 'DESKTOP-P84STH6': 0.0015337423312883436}
- Person5:
{None: 0.870242214532872, 'DESKTOP-P84STH6': 0.12975778546712802}
- Person6:
{None: 0, 'DESKTOP-P84STH6': 0}
# event_data.DestinationHostname
- Person1:
{None: 0, 'DESKTOP-P84STH6': 0, 'dsnspc172.cs.nctu.edu.tw': 0}
- Person2:
{None: 0, 'DESKTOP-P84STH6': 0, 'dsnspc172.cs.nctu.edu.tw': 0}
- Person3:
{None: 0, 'DESKTOP-P84STH6': 0, 'dsnspc172.cs.nctu.edu.tw': 0}
- Person4:
{None: 0, 'DESKTOP-P84STH6': 0, 'dsnspc172.cs.nctu.edu.tw': 0}
- Person5:
{None: 0.9382929642445214, 'DESKTOP-P84STH6': 0.06113033448673587, 'dsnspc172.cs.nctu.edu.tw': 0.0005767012687427913}
- Person6:
{None: 0, 'DESKTOP-P84STH6': 0, 'dsnspc172.cs.nctu.edu.tw': 0}
# event_data.ProviderName
- Person1:
{None: 0, 'Microsoft Software Key Storage Provider': 0}
- Person2:
{None: 0, 'Microsoft Software Key Storage Provider': 0}
- Person3:
{None: 0, 'Microsoft Software Key Storage Provider': 0}
- Person4:
{None: 0.9969325153374233, 'Microsoft Software Key Storage Provider': 0.003067484662576687}
- Person5:
{None: 0.9976931949250288, 'Microsoft Software Key Storage Provider': 0.002306805074971165}
- Person6:
{None: 0, 'Microsoft Software Key Storage Provider': 0}
# event_data.AlgorithmName
- Person1:
{None: 0, 'UNKNOWN': 0, 'RSA': 0}
- Person2:
{None: 0, 'UNKNOWN': 0, 'RSA': 0}
- Person3:
{None: 0, 'UNKNOWN': 0, 'RSA': 0}
- Person4:
{None: 0.9969325153374233, 'UNKNOWN': 0.0015337423312883436, 'RSA': 0.0015337423312883436}
- Person5:
{None: 0.9976931949250288, 'UNKNOWN': 0.0011534025374855825, 'RSA': 0.0011534025374855825}
- Person6:
{None: 0, 'UNKNOWN': 0, 'RSA': 0}
# event_data.User
- Person1:
{'NT AUTHORITY\\NETWORK SERVICE': 0.010121457489878543, 'Window Manager\\DWM-1': 0.0, None: 0.7753036437246964, 'NT AUTHORITY\\SYSTEM': 0.1194331983805668, 'DESKTOP-P84STH6\\NS': 0.08502024291497975, 'NT AUTHORITY\\LOCAL SERVICE': 0.010121457489878543}
- Person2:
{'NT AUTHORITY\\NETWORK SERVICE': 0.003968253968253968, 'Window Manager\\DWM-1': 0.0, None: 0.6507936507936508, 'NT AUTHORITY\\SYSTEM': 0.041666666666666664, 'DESKTOP-P84STH6\\NS': 0.30158730158730157, 'NT AUTHORITY\\LOCAL SERVICE': 0.001984126984126984}
- Person3:
{'NT AUTHORITY\\NETWORK SERVICE': 0.0004127115146512588, 'Window Manager\\DWM-1': 0.0, None: 0.9851423854725547, 'NT AUTHORITY\\SYSTEM': 0.007841518778373916, 'DESKTOP-P84STH6\\NS': 0.006190672719768881, 'NT AUTHORITY\\LOCAL SERVICE': 0.0004127115146512588}
- Person4:
{'NT AUTHORITY\\NETWORK SERVICE': 0.0, 'Window Manager\\DWM-1': 0.003067484662576687, None: 0.897239263803681, 'NT AUTHORITY\\SYSTEM': 0.03374233128834356, 'DESKTOP-P84STH6\\NS': 0.06595092024539877, 'NT AUTHORITY\\LOCAL SERVICE': 0.0}
- Person5:
{'NT AUTHORITY\\NETWORK SERVICE': 0.0017301038062283738, 'Window Manager\\DWM-1': 0.0, None: 0.8292964244521338, 'NT AUTHORITY\\SYSTEM': 0.040945790080738176, 'DESKTOP-P84STH6\\NS': 0.12399077277970011, 'NT AUTHORITY\\LOCAL SERVICE': 0.004036908881199538}
- Person6:
{'NT AUTHORITY\\NETWORK SERVICE': 0.001392757660167131, 'Window Manager\\DWM-1': 0.0, None: 0.9052924791086351, 'NT AUTHORITY\\SYSTEM': 0.057103064066852366, 'DESKTOP-P84STH6\\NS': 0.03203342618384401, 'NT AUTHORITY\\LOCAL SERVICE': 0.004178272980501393}
# event_data.SubjectUserSid
- Person1:
{'S-1-5-18': 0.1194331983805668, 'S-1-5-90-0-1': 0.0, 'S-1-5-19': 0.0020242914979757085, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.038461538461538464, None: 0.840080971659919}
- Person2:
{'S-1-5-18': 0.06944444444444445, 'S-1-5-90-0-1': 0.0, 'S-1-5-19': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.03571428571428571, None: 0.8948412698412699}
- Person3:
{'S-1-5-18': 0.9176640528270739, 'S-1-5-90-0-1': 0.0, 'S-1-5-19': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.0024762690879075525, None: 0.07985967808501858}
- Person4:
{'S-1-5-18': 0.09355828220858896, 'S-1-5-90-0-1': 0.013803680981595092, 'S-1-5-19': 0.0, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.03067484662576687, None: 0.8619631901840491}
- Person5:
{'S-1-5-18': 0.07785467128027682, 'S-1-5-90-0-1': 0.0, 'S-1-5-19': 0.012687427912341407, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.32006920415224915, None: 0.5893886966551326}
- Person6:
{'S-1-5-18': 0.04456824512534819, 'S-1-5-90-0-1': 0.0, 'S-1-5-19': 0.001392757660167131, 'S-1-5-21-223836497-1760142647-788189203-1001': 0.019498607242339833, None: 0.9345403899721448}
# system.Keywords
- Person1:
{'0x8000000000000000': 0.8360323886639676, '0x8010000000000000': 0.0020242914979757085, '0x8020000000000000': 0.16194331983805668}
- Person2:
{'0x8000000000000000': 0.8948412698412699, '0x8010000000000000': 0.001984126984126984, '0x8020000000000000': 0.10317460317460317}
- Person3:
{'0x8000000000000000': 0.07985967808501858, '0x8010000000000000': 0.0002063557573256294, '0x8020000000000000': 0.9199339661576558}
- Person4:
{'0x8000000000000000': 0.47699386503067487, '0x8010000000000000': 0.38190184049079756, '0x8020000000000000': 0.1411042944785276}
- Person5:
{'0x8000000000000000': 0.5893886966551326, '0x8010000000000000': 0.0017301038062283738, '0x8020000000000000': 0.408881199538639}
- Person6:
{'0x8000000000000000': 0.9345403899721448, '0x8010000000000000': 0.0, '0x8020000000000000': 0.06545961002785515}
# event_data.param1
- Person1:
{None: 0, '\\Device\\HarddiskVolume2\\Windows\\System32\\VBoxDispD3D.dll': 0}
- Person2:
{None: 0, '\\Device\\HarddiskVolume2\\Windows\\System32\\VBoxDispD3D.dll': 0}
- Person3:
{None: 0, '\\Device\\HarddiskVolume2\\Windows\\System32\\VBoxDispD3D.dll': 0}
- Person4:
{None: 0.6180981595092024, '\\Device\\HarddiskVolume2\\Windows\\System32\\VBoxDispD3D.dll': 0.38190184049079756}
- Person5:
{None: 0, '\\Device\\HarddiskVolume2\\Windows\\System32\\VBoxDispD3D.dll': 0}
- Person6:
{None: 0, '\\Device\\HarddiskVolume2\\Windows\\System32\\VBoxDispD3D.dll': 0}
# event_data.KeyFilePath
- Person1:
{None: 0, 'C:\\ProgramData\\Microsoft\\Crypto\\SystemKeys\\ecc6a3f47d6202c819b86de61d2f66bb_5d3d98af-075c-43a1-a7ba-2845b4aa4f42': 0}
- Person2:
{None: 0, 'C:\\ProgramData\\Microsoft\\Crypto\\SystemKeys\\ecc6a3f47d6202c819b86de61d2f66bb_5d3d98af-075c-43a1-a7ba-2845b4aa4f42': 0}
- Person3:
{None: 0, 'C:\\ProgramData\\Microsoft\\Crypto\\SystemKeys\\ecc6a3f47d6202c819b86de61d2f66bb_5d3d98af-075c-43a1-a7ba-2845b4aa4f42': 0}
- Person4:
{None: 0.9984662576687117, 'C:\\ProgramData\\Microsoft\\Crypto\\SystemKeys\\ecc6a3f47d6202c819b86de61d2f66bb_5d3d98af-075c-43a1-a7ba-2845b4aa4f42': 0.0015337423312883436}
- Person5:
{None: 0.9988465974625144, 'C:\\ProgramData\\Microsoft\\Crypto\\SystemKeys\\ecc6a3f47d6202c819b86de61d2f66bb_5d3d98af-075c-43a1-a7ba-2845b4aa4f42': 0.0011534025374855825}
- Person6:
{None: 0, 'C:\\ProgramData\\Microsoft\\Crypto\\SystemKeys\\ecc6a3f47d6202c819b86de61d2f66bb_5d3d98af-075c-43a1-a7ba-2845b4aa4f42': 0}
# event_data.SourcePortName
- Person1:
{None: 0}
- Person2:
{None: 0}
- Person3:
{None: 0}
- Person4:
{None: 0}
- Person5:
{None: 1.0}
- Person6:
{None: 0}
# event_data.ObjectType
- Person1:
{None: 0.9979757085020243, 'File': 0.0020242914979757085}
- Person2:
{None: 0, 'File': 0}
- Person3:
{None: 0.09739991745769706, 'File': 0.902600082542303}
- Person4:
{None: 0, 'File': 0}
- Person5:
{None: 0.9959630911188004, 'File': 0.004036908881199538}
- Person6:
{None: 0.9986072423398329, 'File': 0.001392757660167131}
# event_data.SourceProcessGuid
- Person1:
{'{5d3d98af-2b99-5ec2-0000-0010af0f3e00}': 0, '{5d3d98af-2b76-5ec2-0000-00102bdf3b00}': 0, '{5d3d98af-2994-5ec2-0000-0010df243100}': 0, '{5d3d98af-2988-5ec2-0000-0010a3a73000}': 0, '{5d3d98af-2c04-5ec2-0000-00101e294300}': 0, '{5d3d98af-2bf6-5ec2-0000-0010d7e44100}': 0, '{5d3d98af-2b83-5ec2-0000-001037d23c00}': 0, None: 0, '{5d3d98af-25af-5ec2-0000-0010242e0900}': 0, '{5d3d98af-264b-5ec2-0000-00107e200800}': 0, '{5d3d98af-2b7e-5ec2-0000-0010945e3c00}': 0, '{5d3d98af-2c07-5ec2-0000-0010bd8e4300}': 0, '{5d3d98af-2c22-5ec2-0000-0010ea194400}': 0}
- Person2:
{'{5d3d98af-2b99-5ec2-0000-0010af0f3e00}': 0.0, '{5d3d98af-2b76-5ec2-0000-00102bdf3b00}': 0.0, '{5d3d98af-2994-5ec2-0000-0010df243100}': 0.0, '{5d3d98af-2988-5ec2-0000-0010a3a73000}': 0.0, '{5d3d98af-2c04-5ec2-0000-00101e294300}': 0.0, '{5d3d98af-2bf6-5ec2-0000-0010d7e44100}': 0.0, '{5d3d98af-2b83-5ec2-0000-001037d23c00}': 0.0, None: 0.9920634920634921, '{5d3d98af-25af-5ec2-0000-0010242e0900}': 0.007936507936507936, '{5d3d98af-264b-5ec2-0000-00107e200800}': 0.0, '{5d3d98af-2b7e-5ec2-0000-0010945e3c00}': 0.0, '{5d3d98af-2c07-5ec2-0000-0010bd8e4300}': 0.0, '{5d3d98af-2c22-5ec2-0000-0010ea194400}': 0.0}
- Person3:
{'{5d3d98af-2b99-5ec2-0000-0010af0f3e00}': 0, '{5d3d98af-2b76-5ec2-0000-00102bdf3b00}': 0, '{5d3d98af-2994-5ec2-0000-0010df243100}': 0, '{5d3d98af-2988-5ec2-0000-0010a3a73000}': 0, '{5d3d98af-2c04-5ec2-0000-00101e294300}': 0, '{5d3d98af-2bf6-5ec2-0000-0010d7e44100}': 0, '{5d3d98af-2b83-5ec2-0000-001037d23c00}': 0, None: 0, '{5d3d98af-25af-5ec2-0000-0010242e0900}': 0, '{5d3d98af-264b-5ec2-0000-00107e200800}': 0, '{5d3d98af-2b7e-5ec2-0000-0010945e3c00}': 0, '{5d3d98af-2c07-5ec2-0000-0010bd8e4300}': 0, '{5d3d98af-2c22-5ec2-0000-0010ea194400}': 0}
- Person4:
{'{5d3d98af-2b99-5ec2-0000-0010af0f3e00}': 0.003067484662576687, '{5d3d98af-2b76-5ec2-0000-00102bdf3b00}': 0.003067484662576687, '{5d3d98af-2994-5ec2-0000-0010df243100}': 0.003067484662576687, '{5d3d98af-2988-5ec2-0000-0010a3a73000}': 0.003067484662576687, '{5d3d98af-2c04-5ec2-0000-00101e294300}': 0.003067484662576687, '{5d3d98af-2bf6-5ec2-0000-0010d7e44100}': 0.0015337423312883436, '{5d3d98af-2b83-5ec2-0000-001037d23c00}': 0.003067484662576687, None: 0.950920245398773, '{5d3d98af-25af-5ec2-0000-0010242e0900}': 0.0, '{5d3d98af-264b-5ec2-0000-00107e200800}': 0.019938650306748466, '{5d3d98af-2b7e-5ec2-0000-0010945e3c00}': 0.003067484662576687, '{5d3d98af-2c07-5ec2-0000-0010bd8e4300}': 0.003067484662576687, '{5d3d98af-2c22-5ec2-0000-0010ea194400}': 0.003067484662576687}
- Person5:
{'{5d3d98af-2b99-5ec2-0000-0010af0f3e00}': 0, '{5d3d98af-2b76-5ec2-0000-00102bdf3b00}': 0, '{5d3d98af-2994-5ec2-0000-0010df243100}': 0, '{5d3d98af-2988-5ec2-0000-0010a3a73000}': 0, '{5d3d98af-2c04-5ec2-0000-00101e294300}': 0, '{5d3d98af-2bf6-5ec2-0000-0010d7e44100}': 0, '{5d3d98af-2b83-5ec2-0000-001037d23c00}': 0, None: 0, '{5d3d98af-25af-5ec2-0000-0010242e0900}': 0, '{5d3d98af-264b-5ec2-0000-00107e200800}': 0, '{5d3d98af-2b7e-5ec2-0000-0010945e3c00}': 0, '{5d3d98af-2c07-5ec2-0000-0010bd8e4300}': 0, '{5d3d98af-2c22-5ec2-0000-0010ea194400}': 0}
- Person6:
{'{5d3d98af-2b99-5ec2-0000-0010af0f3e00}': 0, '{5d3d98af-2b76-5ec2-0000-00102bdf3b00}': 0, '{5d3d98af-2994-5ec2-0000-0010df243100}': 0, '{5d3d98af-2988-5ec2-0000-0010a3a73000}': 0, '{5d3d98af-2c04-5ec2-0000-00101e294300}': 0, '{5d3d98af-2bf6-5ec2-0000-0010d7e44100}': 0, '{5d3d98af-2b83-5ec2-0000-001037d23c00}': 0, None: 0, '{5d3d98af-25af-5ec2-0000-0010242e0900}': 0, '{5d3d98af-264b-5ec2-0000-00107e200800}': 0, '{5d3d98af-2b7e-5ec2-0000-0010945e3c00}': 0, '{5d3d98af-2c07-5ec2-0000-0010bd8e4300}': 0, '{5d3d98af-2c22-5ec2-0000-0010ea194400}': 0}
# event_data.StartFunction
- Person1:
{None: 0}
- Person2:
{None: 1.0}
- Person3:
{None: 0}
- Person4:
{None: 1.0}
- Person5:
{None: 0}
- Person6:
{None: 0}
# system.Version
- Person1:
{'3': 0.0, '0': 0.10526315789473684, '5': 0.47368421052631576, '2': 0.4190283400809717, '1': 0.0020242914979757085, '4': 0.0}
- Person2:
{'3': 0.037698412698412696, '0': 0.07341269841269842, '5': 0.623015873015873, '2': 0.26587301587301587, '1': 0.0, '4': 0.0}
- Person3:
{'3': 0.0002063557573256294, '0': 0.9139496491952126, '5': 0.03528683450268263, '2': 0.0505571605447792, '1': 0.0, '4': 0.0}
- Person4:
{'3': 0.013803680981595092, '0': 0.48006134969325154, '5': 0.3220858895705521, '2': 0.18251533742331288, '1': 0.0015337423312883436, '4': 0.0}
- Person5:
{'3': 0.00922722029988466, '0': 0.3863898500576701, '5': 0.2231833910034602, '2': 0.3552479815455594, '1': 0.0011534025374855825, '4': 0.024798154555940023}
- Person6:
{'3': 0.002785515320334262, '0': 0.04874651810584958, '5': 0.7284122562674095, '2': 0.21866295264623956, '1': 0.001392757660167131, '4': 0.0}
# event_data.ClientCreationTime
- Person1:
{None: 0, '2020-05-18T06:32:04.922555500Z': 0, '2020-05-18T06:22:36.725019200Z': 0}
- Person2:
{None: 0, '2020-05-18T06:32:04.922555500Z': 0, '2020-05-18T06:22:36.725019200Z': 0}
- Person3:
{None: 0, '2020-05-18T06:32:04.922555500Z': 0, '2020-05-18T06:22:36.725019200Z': 0}
- Person4:
{None: 0.9984662576687117, '2020-05-18T06:32:04.922555500Z': 0.0015337423312883436, '2020-05-18T06:22:36.725019200Z': 0.0}
- Person5:
{None: 0.9988465974625144, '2020-05-18T06:32:04.922555500Z': 0.0, '2020-05-18T06:22:36.725019200Z': 0.0011534025374855825}
- Person6:
{None: 0, '2020-05-18T06:32:04.922555500Z': 0, '2020-05-18T06:22:36.725019200Z': 0}
# event_data.NewSd
- Person1:
{None: 0.9979757085020243, 'S:ARAI(AU;SAFA;0x1f0116;;;WD)': 0.0, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)': 0.0020242914979757085, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)': 0.0}
- Person2:
{None: 0, 'S:ARAI(AU;SAFA;0x1f0116;;;WD)': 0, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)': 0, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)': 0}
- Person3:
{None: 0.09739991745769706, 'S:ARAI(AU;SAFA;0x1f0116;;;WD)': 0.1440363186132893, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)': 0.758357408171688, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)': 0.0002063557573256294}
- Person4:
{None: 0, 'S:ARAI(AU;SAFA;0x1f0116;;;WD)': 0, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)': 0, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)': 0}
- Person5:
{None: 0.9959630911188004, 'S:ARAI(AU;SAFA;0x1f0116;;;WD)': 0.0034602076124567475, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)': 0.0005767012687427913, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)': 0.0}
- Person6:
{None: 0.9986072423398329, 'S:ARAI(AU;SAFA;0x1f0116;;;WD)': 0.0, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)': 0.001392757660167131, 'S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)': 0.0}
# event_data.KeyName
- Person1:
{None: 0, '14fdd55a-cbd4-a213-2535-71ef6ddf0b5e': 0}
- Person2:
{None: 0, '14fdd55a-cbd4-a213-2535-71ef6ddf0b5e': 0}
- Person3:
{None: 0, '14fdd55a-cbd4-a213-2535-71ef6ddf0b5e': 0}
- Person4:
{None: 0.9969325153374233, '14fdd55a-cbd4-a213-2535-71ef6ddf0b5e': 0.003067484662576687}
- Person5:
{None: 0.9976931949250288, '14fdd55a-cbd4-a213-2535-71ef6ddf0b5e': 0.002306805074971165}
- Person6:
{None: 0, '14fdd55a-cbd4-a213-2535-71ef6ddf0b5e': 0}
# event_data.ObjectServer
- Person1:
{None: 0.9979757085020243, 'Security': 0.0020242914979757085}
- Person2:
{None: 0, 'Security': 0}
- Person3:
{None: 0.09739991745769706, 'Security': 0.902600082542303}
- Person4:
{None: 0, 'Security': 0}
- Person5:
{None: 0.9959630911188004, 'Security': 0.004036908881199538}
- Person6:
{None: 0.9986072423398329, 'Security': 0.001392757660167131}
# event_data.TargetOutboundUserName
- Person1:
{None: 0.9433198380566802, '-': 0.05668016194331984}
- Person2:
{None: 0.9682539682539683, '-': 0.031746031746031744}
- Person3:
{None: 0.9938093272802311, '-': 0.006190672719768881}
- Person4:
{None: 0.9585889570552147, '-': 0.04141104294478527}
- Person5:
{None: 0.9769319492502884, '-': 0.02306805074971165}
- Person6:
{None: 0.9846796657381616, '-': 0.01532033426183844}
# event_data.DestinationIp
- Person1:
{'140.113.194.88': 0, '0:0:0:0:0:0:0:1': 0, '13.75.38.7': 0, '104.42.78.153': 0, '117.18.232.200': 0, None: 0, '64.4.54.254': 0, '111.221.29.254': 0}
- Person2:
{'140.113.194.88': 0, '0:0:0:0:0:0:0:1': 0, '13.75.38.7': 0, '104.42.78.153': 0, '117.18.232.200': 0, None: 0, '64.4.54.254': 0, '111.221.29.254': 0}
- Person3:
{'140.113.194.88': 0, '0:0:0:0:0:0:0:1': 0, '13.75.38.7': 0, '104.42.78.153': 0, '117.18.232.200': 0, None: 0, '64.4.54.254': 0, '111.221.29.254': 0}
- Person4:
{'140.113.194.88': 0, '0:0:0:0:0:0:0:1': 0, '13.75.38.7': 0, '104.42.78.153': 0, '117.18.232.200': 0, None: 0, '64.4.54.254': 0, '111.221.29.254': 0}
- Person5:
{'140.113.194.88': 0.0005767012687427913, '0:0:0:0:0:0:0:1': 0.06113033448673587, '13.75.38.7': 0.0034602076124567475, '104.42.78.153': 0.0011534025374855825, '117.18.232.200': 0.0017301038062283738, None: 0.9175317185697809, '64.4.54.254': 0.0011534025374855825, '111.221.29.254': 0.0132641291810842}
- Person6:
{'140.113.194.88': 0, '0:0:0:0:0:0:0:1': 0, '13.75.38.7': 0, '104.42.78.153': 0, '117.18.232.200': 0, None: 0, '64.4.54.254': 0, '111.221.29.254': 0}
# event_data.SourceProcessId
- Person1:
{'6556': 0, '7336': 0, '2356': 0, '6804': 0, '6868': 0, '392': 0, '7972': 0, '7788': 0, '1020': 0, None: 0, '2720': 0, '5040': 0, '1076': 0}
- Person2:
{'6556': 0.007936507936507936, '7336': 0.0, '2356': 0.0, '6804': 0.0, '6868': 0.0, '392': 0.0, '7972': 0.0, '7788': 0.0, '1020': 0.0, None: 0.9920634920634921, '2720': 0.0, '5040': 0.0, '1076': 0.0}
- Person3:
{'6556': 0, '7336': 0, '2356': 0, '6804': 0, '6868': 0, '392': 0, '7972': 0, '7788': 0, '1020': 0, None: 0, '2720': 0, '5040': 0, '1076': 0}
- Person4:
{'6556': 0.0, '7336': 0.003067484662576687, '2356': 0.003067484662576687, '6804': 0.003067484662576687, '6868': 0.019938650306748466, '392': 0.0015337423312883436, '7972': 0.003067484662576687, '7788': 0.003067484662576687, '1020': 0.003067484662576687, None: 0.950920245398773, '2720': 0.003067484662576687, '5040': 0.003067484662576687, '1076': 0.003067484662576687}
- Person5:
{'6556': 0, '7336': 0, '2356': 0, '6804': 0, '6868': 0, '392': 0, '7972': 0, '7788': 0, '1020': 0, None: 0, '2720': 0, '5040': 0, '1076': 0}
- Person6:
{'6556': 0, '7336': 0, '2356': 0, '6804': 0, '6868': 0, '392': 0, '7972': 0, '7788': 0, '1020': 0, None: 0, '2720': 0, '5040': 0, '1076': 0}
# label
- Person1:
{'3': 0.0, '6': 0.0, '5': 0.0, '2': 0.0, '1': 1.0, '4': 0.0}
- Person2:
{'3': 0.0, '6': 0.0, '5': 0.0, '2': 1.0, '1': 0.0, '4': 0.0}
- Person3:
{'3': 1.0, '6': 0.0, '5': 0.0, '2': 0.0, '1': 0.0, '4': 0.0}
- Person4:
{'3': 0.0, '6': 0.0, '5': 0.0, '2': 0.0, '1': 0.0, '4': 1.0}
- Person5:
{'3': 0.0, '6': 0.0, '5': 1.0, '2': 0.0, '1': 0.0, '4': 0.0}
- Person6:
{'3': 0.0, '6': 1.0, '5': 0.0, '2': 0.0, '1': 0.0, '4': 0.0}
# event_data.PrivilegeList
- Person1:
{'SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege\n\t\t\t\tSeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.05263157894736842, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege': 0.0, None: 0.9453441295546559, 'SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0020242914979757085}
- Person2:
{'SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege\n\t\t\t\tSeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.031746031746031744, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege': 0.0, None: 0.9682539682539683, 'SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0}
- Person3:
{'SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege': 0.006190672719768881, 'SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege\n\t\t\t\tSeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege': 0.0, None: 0.9938093272802311, 'SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0}
- Person4:
{'SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege\n\t\t\t\tSeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.03834355828220859, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege': 0.0015337423312883436, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege': 0.0015337423312883436, None: 0.9585889570552147, 'SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0}
- Person5:
{'SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege': 0.02306805074971165, 'SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege\n\t\t\t\tSeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege': 0.0, None: 0.9769319492502884, 'SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0}
- Person6:
{'SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege': 0.01532033426183844, 'SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege\n\t\t\t\tSeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege': 0.0, 'SeAssignPrimaryTokenPrivilege SeAuditPrivilege': 0.0, None: 0.9846796657381616, 'SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege': 0.0}
# event_data.TargetOutboundDomainName
- Person1:
{None: 0.9433198380566802, '-': 0.05668016194331984}
- Person2:
{None: 0.9682539682539683, '-': 0.031746031746031744}
- Person3:
{None: 0.9938093272802311, '-': 0.006190672719768881}
- Person4:
{None: 0.9585889570552147, '-': 0.04141104294478527}
- Person5:
{None: 0.9769319492502884, '-': 0.02306805074971165}
- Person6:
{None: 0.9846796657381616, '-': 0.01532033426183844}
# event_data.KeyType
- Person1:
{None: 0, '%%2500': 0}
- Person2:
{None: 0, '%%2500': 0}
- Person3:
{None: 0, '%%2500': 0}
- Person4:
{None: 0.9969325153374233, '%%2500': 0.003067484662576687}
- Person5:
{None: 0.9976931949250288, '%%2500': 0.002306805074971165}
- Person6:
{None: 0, '%%2500': 0}
# event_data.LogonType
- Person1:
{None: 0.937246963562753, '5': 0.05263157894736842, '2': 0.010121457489878543}
- Person2:
{None: 0.9662698412698413, '5': 0.031746031746031744, '2': 0.001984126984126984}
- Person3:
{None: 0.9936029715229054, '5': 0.006190672719768881, '2': 0.0002063557573256294}
- Person4:
{None: 0.9555214723926381, '5': 0.03834355828220859, '2': 0.006134969325153374}
- Person5:
{None: 0.97520184544406, '5': 0.02306805074971165, '2': 0.0017301038062283738}
- Person6:
{None: 0.9846796657381616, '5': 0.01532033426183844, '2': 0.0}
# event_data.SourceIsIpv6
- Person1:
{None: 0, 'false': 0, 'true': 0}
- Person2:
{None: 0, 'false': 0, 'true': 0}
- Person3:
{None: 0, 'false': 0, 'true': 0}
- Person4:
{None: 0, 'false': 0, 'true': 0}
- Person5:
{None: 0.9175317185697809, 'false': 0.021337946943483274, 'true': 0.06113033448673587}
- Person6:
{None: 0, 'false': 0, 'true': 0}
# event_data.KeyLength
- Person1:
{None: 0.9412955465587044, '0': 0.058704453441295545}
- Person2:
{None: 0.9662698412698413, '0': 0.03373015873015873}
- Person3:
{None: 0.9936029715229054, '0': 0.0063970284770945105}
- Person4:
{None: 0.9585889570552147, '0': 0.04141104294478527}
- Person5:
{None: 0.97520184544406, '0': 0.024798154555940023}
- Person6:
{None: 0.9846796657381616, '0': 0.01532033426183844}
# event_data.TerminalSessionId
- Person1:
{None: 0.7753036437246964, '0': 0.13765182186234817, '1': 0.08704453441295547}
- Person2:
{None: 0.6507936507936508, '0': 0.047619047619047616, '1': 0.30158730158730157}
- Person3:
{None: 0.9851423854725547, '0': 0.007635163021048288, '1': 0.007222451506397029}
- Person4:
{None: 0.897239263803681, '0': 0.03374233128834356, '1': 0.06901840490797546}
- Person5:
{None: 0.9117647058823529, '0': 0.04498269896193772, '1': 0.04325259515570934}
- Person6:
{None: 0.9052924791086351, '0': 0.06267409470752089, '1': 0.03203342618384401}
# system.Correlation.ActivityID
- Person1:
{'{e0e75f9b-2cda-0001-ec5f-e7e0da2cd601}': 0.0, '{9e1903ff-2cdb-0000-0b05-199edb2cd601}': 0.15587044534412955, '{7eccaef9-2cd8-0000-01b0-cc7ed82cd601}': 0.0, None: 0.8441295546558705, '{46ce64eb-2cda-0001-3665-ce46da2cd601}': 0.0, '{a21559d7-2cda-0001-275a-15a2da2cd601}': 0.0, '{3591cc69-2cda-0001-b1cc-9135da2cd601}': 0.0}
- Person2:
{'{e0e75f9b-2cda-0001-ec5f-e7e0da2cd601}': 0.0, '{9e1903ff-2cdb-0000-0b05-199edb2cd601}': 0.0, '{7eccaef9-2cd8-0000-01b0-cc7ed82cd601}': 0.0, None: 0.8948412698412699, '{46ce64eb-2cda-0001-3665-ce46da2cd601}': 0.0, '{a21559d7-2cda-0001-275a-15a2da2cd601}': 0.0, '{3591cc69-2cda-0001-b1cc-9135da2cd601}': 0.10515873015873016}
- Person3:
{'{e0e75f9b-2cda-0001-ec5f-e7e0da2cd601}': 0.0, '{9e1903ff-2cdb-0000-0b05-199edb2cd601}': 0.0, '{7eccaef9-2cd8-0000-01b0-cc7ed82cd601}': 0.0, None: 0.9824597606273215, '{46ce64eb-2cda-0001-3665-ce46da2cd601}': 0.0175402393726785, '{a21559d7-2cda-0001-275a-15a2da2cd601}': 0.0, '{3591cc69-2cda-0001-b1cc-9135da2cd601}': 0.0}
- Person4:
{'{e0e75f9b-2cda-0001-ec5f-e7e0da2cd601}': 0.0, '{9e1903ff-2cdb-0000-0b05-199edb2cd601}': 0.0, '{7eccaef9-2cd8-0000-01b0-cc7ed82cd601}': 0.0, None: 0.8619631901840491, '{46ce64eb-2cda-0001-3665-ce46da2cd601}': 0.0, '{a21559d7-2cda-0001-275a-15a2da2cd601}': 0.13803680981595093, '{3591cc69-2cda-0001-b1cc-9135da2cd601}': 0.0}
- Person5:
{'{e0e75f9b-2cda-0001-ec5f-e7e0da2cd601}': 0.40657439446366783, '{9e1903ff-2cdb-0000-0b05-199edb2cd601}': 0.0, '{7eccaef9-2cd8-0000-01b0-cc7ed82cd601}': 0.0, None: 0.5934256055363322, '{46ce64eb-2cda-0001-3665-ce46da2cd601}': 0.0, '{a21559d7-2cda-0001-275a-15a2da2cd601}': 0.0, '{3591cc69-2cda-0001-b1cc-9135da2cd601}': 0.0}
- Person6:
{'{e0e75f9b-2cda-0001-ec5f-e7e0da2cd601}': 0.0, '{9e1903ff-2cdb-0000-0b05-199edb2cd601}': 0.0, '{7eccaef9-2cd8-0000-01b0-cc7ed82cd601}': 0.06267409470752089, None: 0.9373259052924791, '{46ce64eb-2cda-0001-3665-ce46da2cd601}': 0.0, '{a21559d7-2cda-0001-275a-15a2da2cd601}': 0.0, '{3591cc69-2cda-0001-b1cc-9135da2cd601}': 0.0}
# event_data.VirtualAccount
- Person1:
{None: 0.9433198380566802, '%%1842': 0.0, '%%1843': 0.05668016194331984}
- Person2:
{None: 0.9682539682539683, '%%1842': 0.0, '%%1843': 0.031746031746031744}
- Person3:
{None: 0.9938093272802311, '%%1842': 0.0, '%%1843': 0.006190672719768881}
- Person4:
{None: 0.9585889570552147, '%%1842': 0.003067484662576687, '%%1843': 0.03834355828220859}
- Person5:
{None: 0.9769319492502884, '%%1842': 0.0, '%%1843': 0.02306805074971165}
- Person6:
{None: 0.9846796657381616, '%%1842': 0.0, '%%1843': 0.01532033426183844}
# event_data.RestrictedAdminMode
- Person1:
{None: 0.9433198380566802, '-': 0.05668016194331984}
- Person2:
{None: 0.9682539682539683, '-': 0.031746031746031744}
- Person3:
{None: 0.9938093272802311, '-': 0.006190672719768881}
- Person4:
{None: 0.9585889570552147, '-': 0.04141104294478527}
- Person5:
{None: 0.9769319492502884, '-': 0.02306805074971165}
- Person6:
{None: 0.9846796657381616, '-': 0.01532033426183844}
# event_data.IpPort
- Person1:
{None: 0.9392712550607287, '0': 0.006072874493927126, '-': 0.05465587044534413}
- Person2:
{None: 0.9662698412698413, '0': 0.0, '-': 0.03373015873015873}
- Person3:
{None: 0.9936029715229054, '0': 0.0, '-': 0.0063970284770945105}
- Person4:
{None: 0.9570552147239264, '0': 0.0, '-': 0.04294478527607362}
- Person5:
{None: 0.97520184544406, '0': 0.0, '-': 0.024798154555940023}
- Person6:
{None: 0.9846796657381616, '0': 0.0, '-': 0.01532033426183844}
# event_data.ProcessName
- Person1:
{'C:\\Windows\\System32\\winlogon.exe': 0.0, 'C:\\Windows\\System32\\taskhostw.exe': 0.0020242914979757085, 'C:\\Windows\\WinSxS\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\\TiWorker.exe': 0.0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0020242914979757085, None: 0.9352226720647774, 'C:\\Windows\\System32\\svchost.exe': 0.008097165991902834, 'C:\\Windows\\System32\\services.exe': 0.05263157894736842}
- Person2:
{'C:\\Windows\\System32\\winlogon.exe': 0.0, 'C:\\Windows\\System32\\taskhostw.exe': 0.0, 'C:\\Windows\\WinSxS\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\\TiWorker.exe': 0.0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.001984126984126984, None: 0.9662698412698413, 'C:\\Windows\\System32\\svchost.exe': 0.0, 'C:\\Windows\\System32\\services.exe': 0.031746031746031744}
- Person3:
{'C:\\Windows\\System32\\winlogon.exe': 0.0, 'C:\\Windows\\System32\\taskhostw.exe': 0.0, 'C:\\Windows\\WinSxS\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\\TiWorker.exe': 0.902600082542303, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0002063557573256294, None: 0.09100288898060256, 'C:\\Windows\\System32\\svchost.exe': 0.0, 'C:\\Windows\\System32\\services.exe': 0.006190672719768881}
- Person4:
{'C:\\Windows\\System32\\winlogon.exe': 0.004601226993865031, 'C:\\Windows\\System32\\taskhostw.exe': 0.0, 'C:\\Windows\\WinSxS\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\\TiWorker.exe': 0.0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0, None: 0.9570552147239264, 'C:\\Windows\\System32\\svchost.exe': 0.0, 'C:\\Windows\\System32\\services.exe': 0.03834355828220859}
- Person5:
{'C:\\Windows\\System32\\winlogon.exe': 0.0, 'C:\\Windows\\System32\\taskhostw.exe': 0.0005767012687427913, 'C:\\Windows\\WinSxS\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\\TiWorker.exe': 0.0034602076124567475, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0017301038062283738, None: 0.9711649365628604, 'C:\\Windows\\System32\\svchost.exe': 0.0, 'C:\\Windows\\System32\\services.exe': 0.02306805074971165}
- Person6:
{'C:\\Windows\\System32\\winlogon.exe': 0.0, 'C:\\Windows\\System32\\taskhostw.exe': 0.001392757660167131, 'C:\\Windows\\WinSxS\\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.411_none_5f53d2d858cf8961\\TiWorker.exe': 0.0, 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe': 0.0, None: 0.9818941504178273, 'C:\\Windows\\System32\\svchost.exe': 0.001392757660167131, 'C:\\Windows\\System32\\services.exe': 0.01532033426183844}